Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
es_host: 'localhost'
es_port: 9200
index: '{{ elastalert_defaults.drupal.apache.index|default("logstash-*") }}'
name: 'Apache Error {{ item.1.domain }}'
description: ''
type: 'frequency'
alert:
{% for alert in item.1.elastalert.alert %}
- '{{ alert }}'
{% endfor %}
{% for entry in ['alert_subject', 'alert_text'] %}
{% if elastalert_defaults.drupal.syslog[entry] is defined %}
{{ entry }}: '{{ elastalert_defaults.drupal.syslog[entry] }}'
{% endif %}
{% endfor %}
{% for entry in ['alert_subject_args', 'alert_text_args'] %}
{% if elastalert_defaults.drupal.syslog[entry] is defined %}
{{ entry }}:
{% for line in elastalert_defaults.drupal.syslog[entry] %}
- '{{ line }}'
{% endfor %}
{% endif %}
{% endfor %}
#generate_kibana_link: true
#use_kibana4_dashboard: 'https://{{ kibana_domain }}/app/kibana#/dashboard/Default'
#kibana_url: 'https://{{ kibana_domain }}/app/kibana'
{% for extra in elastalert_defaults.drupal.syslog.extra|default([]) %}
{{ extra }}: {{ elastalert_defaults.drupal.syslog.extra[extra]|to_nice_json }}
{% endfor %}
{% for extra in item.1.elastalert.extra|default([]) %}
{{ extra }}: {{ item.1.elastalert.extra[extra]|to_nice_json }}
{% endfor %}
filter: [
{
"query_string": {
"analyze_wildcard": true,
"query": {{ ['(@log_name:"apache.error.var.log.apache2.', item.1.domain, '-error.log" AND (', elastalert_defaults.drupal.apache.query.error, ')) OR (@log_name:"apache.access.var.log.apache2.', item.1.domain, '-access.log" AND (', elastalert_defaults.drupal.apache.query.access, '))']|join("")|to_nice_json }}
}
}
]