
ElastAlert elasticsearch elk


docker-compose


# docker-compose stack: Elasticsearch, Logstash, Kibana, a fake log producer and
# ElastAlert, all attached to a single bridge network ("fastdev"). Services find
# each other by service name on that network; the "ports" entries only matter
# for access from the host (or from anything that can reach the host).
version: '3.3'

services:
  elasticsearch:
    build:
      context: elasticsearch/
    volumes:
      #- ./elasticsearch/esdata:/usr/share/elasticsearch/data:rw
      # Index data is kept in the named volume "alldata" so it survives container recreation.
      - alldata:/usr/share/elasticsearch/data:rw
      #- ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
    # 9200 (HTTP) and 9300 (transport) are published on every host interface.
    # NOTE(review): the image built below installs the Elasticsearch 1.7 series,
    # which has no authentication out of the box, so anyone who can reach the host
    # can read and write the indices. The other services reach it by name over
    # "fastdev" without a published port; restrict these to loopback
    # ("127.0.0.1:9200:9200") or firewall them unless remote access is intended.
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      # Keep the JVM heap from being swapped out; needs the unlimited memlock ulimit below.
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    networks:
      - fastdev

  logstash:
    build:
      context: logstash/
    volumes:
      # logstash.yml and the pipeline definitions are bind-mounted read-only from the repo.
      - ./logstash/config/logstash.yml:/etc/logstash/logstash.yml:ro
      - ./logstash/pipeline:/etc/logstash/conf.d:ro
    # Inputs published from the host; which input listens on which port is
    # defined in ./logstash/pipeline (not shown on this page).
    ports:
      - "5000:5000"
      - "5044:5044"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - fastdev
    depends_on:
      - elasticsearch

  kibana:
    build:
      context: kibana/
    volumes:
      - ./kibana/config/:/usr/share/kibana/config:ro
    # Kibana UI. Note it adds no login of its own: whoever can reach 5601 can
    # query Elasticsearch through it.
    ports:
      - "5601:5601"
    networks:
      - fastdev
    depends_on:
      - elasticsearch

  fakelog:
    build:
      context: fakelog/
    volumes:
      # Presumably the generated log files land here for Logstash/Filebeat to pick up -- confirm against fakelog/.
      - ./fakelog/logs:/ethereum-etl/output/:rw
    networks:
      - fastdev

  elastalert:
    build:
      context: elastalert/
    volumes:
      # config.json configures the elastalert-server REST API (port 3030, see the file below);
      # elastalert.yaml is the ElastAlert core config and is mounted as config.yaml.
      - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json:ro
      - ./elastalert/config/elastalert.yaml:/opt/elastalert/config.yaml:ro
      # Rules are mounted read-write so the server can create/edit them through the API.
      - ./elastalert/rules:/opt/elastalert/rules:rw
      - ./elastalert/rule_templates:/opt/elastalert/rule_templates:ro
    # NOTE(review): 3030 is the elastalert-server API; because the rules directory
    # above is writable, anyone reaching this port can change which alerts run.
    # Keep it on a trusted network or bind it to loopback.
    ports:
      - "3030:3030"
    #  - "3333:3333"
    environment:
      # Nothing on this page reads this variable; verify it is still needed.
      - net=elasticsearch
    networks:
      - fastdev

volumes:  
  alldata: 

networks:
  fastdev:
    driver: bridge

Only elasticsearch/Dockerfile is covered here, since it had some errors caused by the Debian mirror; for the other YAML files, see the earlier blog posts.


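# Elasticsearch 1.7 image for the docker-compose stack above. The base image is
# an (end-of-life) Debian jessie image, which is why the jessie archive
# repositories are configured below. Configuration is copied in from ./config and
# /docker-entrypoint.sh is expected to drop privileges with gosu before starting
# elasticsearch (the script itself is not shown on this page), so no USER is set here.
FROM java:8-jre

# grab gosu for easy step-down from root
ENV GOSU_VERSION=1.7
# The binary is only trusted after its detached signature verifies against the
# pinned key fingerprint.
# NOTE(review): the SKS pool (ha.pool.sks-keyservers.net) was shut down in 2021;
# if --recv-keys fails, switch to a keyserver that is still online (for example
# keyserver.ubuntu.com) but keep the fingerprint and the --verify step.
RUN set -x \
 && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
 && export GNUPGHOME="$(mktemp -d)" \
 && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
 && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
 && chmod +x /usr/local/bin/gosu \
 && gosu nobody true

# https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html
# https://packages.elasticsearch.org/GPG-KEY-elasticsearch
# Package version to install from the 1.7 apt repository. Pinned so a rebuild
# yields the same image; 1.7.5 is the version the upstream 1.7 image pinned.
# Override with --build-arg ELASTICSEARCH_VERSION=... to bump it deliberately.
ARG ELASTICSEARCH_VERSION=1.7.5

# Debian jessie is end-of-life: its packages now live only on archive.debian.org
# and the Release files have expired, hence the check-valid-until overrides.
# The base image's /etc/apt/sources.list is replaced outright because the
# mirrors it references no longer serve jessie (this is the "debian mirror"
# error mentioned above). Everything that touches apt happens in ONE layer so
# that "apt-get update" is never cached separately from the install (stale
# index) and the downloaded package lists do not end up in the image.
# The Elastic signing key is fetched to a file and added from there rather than
# piped into apt-key, so a failed download cannot be masked by the pipe.
RUN set -ex \
 && wget -qO /tmp/GPG-KEY-elasticsearch https://packages.elastic.co/GPG-KEY-elasticsearch \
 && apt-key add /tmp/GPG-KEY-elasticsearch \
 && rm /tmp/GPG-KEY-elasticsearch \
 && echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" > /etc/apt/sources.list.d/elasticsearch-1.7.list \
 && printf '%s\n' \
      "deb [check-valid-until=no] http://archive.debian.org/debian jessie main" \
      "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" \
      "deb [check-valid-until=no] http://archive.debian.org/debian-security jessie/updates main" \
      > /etc/apt/sources.list \
 && apt-get -o Acquire::Check-Valid-Until=false update \
 && apt-get install -y --no-install-recommends elasticsearch=$ELASTICSEARCH_VERSION \
 && rm -rf /var/lib/apt/lists/*

ENV PATH=/usr/share/elasticsearch/bin:$PATH

WORKDIR /usr/share/elasticsearch

# Make sure the directories elasticsearch writes to exist and belong to the
# "elasticsearch" user created by the .deb package.
RUN set -ex \
 && for path in \
  ./data \
  ./logs \
  ./config \
  ./config/scripts \
 ; do \
  mkdir -p "$path"; \
  chown -R elasticsearch:elasticsearch "$path"; \
 done

# Whatever ./config holds in the build context. It is copied after the chown
# above, so these files stay root-owned (fine for read-only configuration;
# use COPY --chown if the process must write to them).
COPY config ./config

#VOLUME /usr/share/elasticsearch/data

COPY docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh

# 9200 = HTTP API, 9300 = node-to-node transport. EXPOSE is documentation only;
# the actual publishing is done in docker-compose.
EXPOSE 9200 9300
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["elasticsearch"]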


ElastAlert/Dockerfile


# NOTE(review): ":latest" is a moving target -- each rebuild may pull a different
# elastalert-server. Pin a specific tag (or an @sha256 digest) so the config.json
# and rules on this page keep matching the version that actually runs.
FROM bitsensor/elastalert:latest

ElastAlert/config/config.json


{
  "appName": "elastalert-server",
  "port": 3030,
  "wsport": 3333,
  "elastalertPath": "/opt/elastalert",
  "verbose": false,
  "es_debug": false,
  "debug": false,
  "rulesPath": {
    "relative": true,
    "path": "/rules"
  },
  "templatesPath": {
    "relative": true,
    "path": "/rule_templates"
  },
  "es_host": "elasticsearch",
  "es_port": 9200,
  "writeback_index": "elastalert_status"
}

ElastAlert/config/elastalert.yaml


# ElastAlert core configuration; mounted into the container as
# /opt/elastalert/config.yaml (see the docker-compose file above).
# "elasticsearch" is the compose service name, resolved over the "fastdev" network.
es_host: elasticsearch
es_port: 9200
# Relative to the directory ElastAlert is started from (/opt/elastalert).
rules_folder: rules

# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
# Every 5 seconds is aggressive for a single-node 512m-heap cluster; fine for a
# demo, raise it for anything shared.
run_every:
  seconds: 5
  #minutes: 1
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  minutes: 2
  #days: 2
  
# Index ElastAlert writes its own state to; must match "writeback_index" in config.json.
writeback_index: elastalert_status

# No SMTP server is configured, so the "email" alerter in the rule below falls
# back to ElastAlert's default (localhost) unless this is set -- confirm.
#smtp_host: ""

ElastAlert/config/rules/test_metric.yaml


# Example metric_aggregation rule, placed under /opt/elastalert/rules.
name: Example rule

# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
# NOTE(review): these three timing settings are the same values as in
# elastalert.yaml; whether a per-rule copy is honoured depends on the ElastAlert
# version in the image -- drop them here if they are ignored.
run_every:
  seconds: 5
  #minutes: 1
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  minutes: 2
  #days: 2
    
type: metric_aggregation

# Matched against all Filebeat indices.
index: filebeat-*

# Count the "project" field over each buffer_time window.
metric_agg_key: project
metric_agg_type: value_count

#query_key: "name.keyword"
# Presumably meant to match any document type; verify against the ElastAlert docs for this version.
doc_type: _type

# Per the metric_aggregation docs, an alert fires when the count leaves the
# [min_threshold, max_threshold] range.
max_threshold: 32
min_threshold: 19

# Only documents matching this query_string are counted.
# "xxx.xxx.xxx.xxx" is a placeholder and must be replaced with the real geth_ip.
filter:
- query:
    query_string:
      query: "srctype: geth AND project: hr AND mined AND geth_ip: \"xxx.xxx.xxx.xxx\""

#alert_subject: "No data on dashboard"
# "|" starts a YAML literal block: the indented lines below are the alert body, newlines kept.
alert_text: |
    test attach
alert_text_args: []

# Send by e-mail to the recipients listed under "email".
alert:
- "email"
email:
- "1803110@narlabes.org.tw"


ElastAlert/config/rule_templates

Copy the example rule files from GitHub, or skip this step.
https://github.com/Yelp/elastalert/tree/master/example_rules


Run ElastAlert, or test a rule




cd /opt/elastalert

a. elastalert

b. elastalert-test-rule ./rules/test_metric.yaml --start 2019-04-10T08:40:00.000

# When the command is run from /opt/elastalert, it automatically loads the config.yaml in that directory (check with `ls config.yaml`).

The rule file (test_metric.yaml) goes under /opt/elastalert/rules.

elastalert.yaml and config.json go under /opt/elastalert-server/config.