Introduction to X-Pack

Before the release of Elastic Stack 5.0 there were many different solutions for monitoring ELK, and the official plugins (Shield for security, Watcher for alerting, Marvel for monitoring) had to be installed one by one under their own names. Naturally Elastic listened to the complaints and came up with X-Pack, which bundles five features: Security, Alerting, Monitoring, Reporting and Graph. This post gives a brief introduction to Security, Monitoring and Alerting.

If you installed Elasticsearch, Kibana and Logstash separately, X-Pack is not included: it has to be installed as an additional plugin into each component.

Security

Without X-Pack, Kibana has no login at all: anyone who can reach the Kibana port has full access to every index. Once X-Pack is installed, Kibana prompts for a username and password. In 5.x the built-in elastic (superuser) and kibana users ship with the default password changeme, so the first thing to do after logging in as elastic is to change them. After logging in there is a new Management menu in the sidebar; its Elasticsearch section is where users and roles are created, and a role grants cluster privileges plus per-index privileges (for example, read on access-log* only), which is what keeps a Kibana viewer from writing to or deleting indices.
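To see what a role actually allows before creating it in the Management UI or with the role API, here is an added example (not code from the original post or from X-Pack) that models how X-Pack index privileges resolve. The role bodies use the indices/names/privileges shape of the X-Pack role API; the mapping from privilege names to Elasticsearch action names is a simplified subset, and the roles, users and index names are constructed for the example.

```python
"""
Added example (not code from the original post or from X-Pack): a small
model of how X-Pack index privileges resolve, so the effect of a role can
be checked before it is applied.  Role bodies follow the indices/names/
privileges shape of the X-Pack role API; the action strings follow
Elasticsearch's internal naming (indices:data/read/search and so on).
"""
from fnmatch import fnmatchcase

# Simplified subset of the privilege-to-action table (assumption for this
# example; the real table in X-Pack is much larger).  Patterns use * wildcards.
PRIVILEGE_ACTIONS = {
    "all": ["indices:*"],
    "read": ["indices:data/read/*"],
    "write": ["indices:data/write/*"],
    "create_index": ["indices:admin/create"],
    "delete_index": ["indices:admin/delete"],
}

# Constructed roles, least privilege first: readers can only search the
# access-log indices, the shipper can only write to them and create new
# daily indices, and only the superuser can touch anything else.
ROLES = {
    "log_reader": {
        "indices": [{"names": ["access-log*"], "privileges": ["read"]}]
    },
    "log_writer": {
        "indices": [{"names": ["access-log*"], "privileges": ["write", "create_index"]}]
    },
    "superuser": {
        "indices": [{"names": ["*"], "privileges": ["all"]}]
    },
}

# Constructed users and their role assignments (hypothetical names).
USERS = {
    "kibana_viewer": ["log_reader"],
    "logstash_shipper": ["log_writer"],
    "elastic": ["superuser"],
}


def is_authorized(user, action, index):
    """Return True if any of the user's roles grants `action` on `index`.

    Mirrors the shape of the X-Pack check: an index grant applies only if
    the index name matches one of its name patterns, and then only for
    actions covered by one of the granted privileges.  Unknown users and
    users with no matching grant are denied.
    """
    for role_name in USERS.get(user, []):
        for grant in ROLES[role_name]["indices"]:
            if not any(fnmatchcase(index, pattern) for pattern in grant["names"]):
                continue
            for privilege in grant["privileges"]:
                if any(fnmatchcase(action, pattern) for pattern in PRIVILEGE_ACTIONS[privilege]):
                    return True
    return False


if __name__ == "__main__":
    checks = [
        ("kibana_viewer", "indices:data/read/search", "access-log-2017.03.01"),
        ("kibana_viewer", "indices:data/write/index", "access-log-2017.03.01"),
        ("kibana_viewer", "indices:data/read/search", ".kibana"),
        ("logstash_shipper", "indices:admin/create", "access-log-2017.03.02"),
        ("logstash_shipper", "indices:admin/delete", "access-log-2017.03.02"),
        ("elastic", "indices:admin/delete", ".kibana"),
    ]
    for user, action, index in checks:
        verdict = "ALLOW" if is_authorized(user, action, index) else "DENY"
        print(f"{verdict:5} {user:17} {action:28} {index}")
```

The point of the check is that a grant is scoped twice, by index pattern and by privilege: the viewer can search access-log-* but not .kibana, and can never write; the shipper can index and create daily indices but not delete them. Only elastic passes everything, which is why that account should be used to create scoped roles and then kept out of day-to-day use.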

Monitoring

The Monitoring panel in the sidebar shows details about the Elasticsearch cluster and Kibana:

Clicking a node shows its metrics (JVM heap, CPU, load, indexing and search rates) as time-series charts:

The Indices tab shows the current status of each index:

Alerting

Alerting is provided by Watcher. A watch runs a search against Elasticsearch on a schedule, evaluates a condition on the result and performs actions when the condition is met. The watch below runs every 10 minutes, counts ERROR entries in the log and emails an administrator when there are more than five. A watch has four parts:

  • Trigger: how often the watch runs, here a schedule with a 10-minute interval
  • Input: the data the watch loads, here a search over the access-log index for documents whose level is ERROR; the search should be restricted to the last 10 minutes with a range filter on the timestamp field, otherwise hits.total counts every ERROR ever indexed and the watch fires on every run once the threshold has been passed once
  • Condition: a compare on ctx.payload.hits.total; gt 5 means strictly more than five, so exactly five errors does not fire (use gte if five should)
  • Actions: what to do when the condition is met, here an email; this only works once an email account has been configured in elasticsearch.yml under xpack.notification.email
PUT _xpack/watcher/watch/log_errors
{
  "metadata" : { 
    "color" : "red"
  },
  "trigger" : { 
    "schedule" : {
      "interval" : "10m"
    }
  },
  "input" : { 
    "search" : {
      "request" : {
        "indices" : [ "access-log" ],
        "body" : {
          "size" : 0,
          "query" : {
            "bool" : {
              "must" : { "match" : { "level" : "ERROR" } },
              "filter" : {
                "range" : {
                  "@timestamp" : {
                    "gte" : "{{ctx.trigger.scheduled_time}}||-10m",
                    "lte" : "{{ctx.trigger.scheduled_time}}"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition" : { 
    "compare" : { "ctx.payload.hits.total" : { "gt" : 5 }}
  },
  "actions" : { 
    "email_administrator" : {
      "email" : {
        "to" : "[email protected]",
        "subject" : "Encountered {{ctx.payload.hits.total}} errors",
        "body" : "Found {{ctx.payload.hits.total}} ERROR entries in the last 10 minutes",
        "priority" : "high"
      }
    }
  }
}
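To make the input, condition and action of the watch concrete without a cluster, here is an added example (not code from the original post or from X-Pack) that simulates the watch locally over a constructed in-memory log. It shows the strict "greater than" semantics of gt 5 and what happens when the search has no time filter. The log records, timestamps and recipient address are all made up for the example.

```python
"""
Added example (not code from the original post or from X-Pack): a local
simulation of the log_errors watch.  It implements the same four parts,
trigger (a 10-minute window), input (a search of the log for level ERROR),
condition (compare ctx.payload.hits.total gt 5) and action (an email
rendered from the payload), against a constructed sample log.
"""
import re
from datetime import datetime, timedelta, timezone

# "Now" plays the role of ctx.trigger.scheduled_time, fixed for determinism.
NOW = datetime(2017, 3, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample log in the shape the watch searches: documents in an
# access-log index with a level field and an @timestamp.  Five ERROR records
# fall inside the last 10 minutes; two more are older.
SAMPLE_LOG = [
    {"@timestamp": NOW - timedelta(minutes=m), "level": lvl, "message": msg}
    for m, lvl, msg in [
        (1, "ERROR", "upstream timeout"),
        (2, "INFO", "GET /health 200"),
        (3, "ERROR", "upstream timeout"),
        (4, "ERROR", "db connection refused"),
        (5, "WARN", "slow query 1200ms"),
        (6, "ERROR", "db connection refused"),
        (7, "ERROR", "upstream timeout"),
        (8, "INFO", "GET /index 200"),
        (45, "ERROR", "error outside the window"),
        (90, "ERROR", "error outside the window"),
    ]
]

# The operators Watcher's compare condition accepts.
COMPARE_OPS = {
    "eq": lambda a, b: a == b,
    "not_eq": lambda a, b: a != b,
    "gt": lambda a, b: a > b,
    "gte": lambda a, b: a >= b,
    "lt": lambda a, b: a < b,
    "lte": lambda a, b: a <= b,
}


def search_input(log, level="ERROR", window_minutes=None, now=NOW):
    """Input: emulate the watch's search and return ctx.payload.

    window_minutes=None reproduces a watch with no range filter, so
    hits.total counts every matching document in the index rather than only
    those from the last trigger interval.
    """
    since = None if window_minutes is None else now - timedelta(minutes=window_minutes)
    hits = [
        doc for doc in log
        if doc["level"] == level and (since is None or doc["@timestamp"] >= since)
    ]
    return {"hits": {"total": len(hits), "hits": hits}}


def lookup(ctx, path):
    """Resolve a dotted path such as ctx.payload.hits.total."""
    cur = {"ctx": ctx}
    for key in path.split("."):
        cur = cur[key]
    return cur


def compare_condition(ctx, condition):
    """Condition: evaluate a compare condition like
    {"ctx.payload.hits.total": {"gt": 5}} against the execution context."""
    (path, spec), = condition.items()
    (op, value), = spec.items()
    return COMPARE_OPS[op](lookup(ctx, path), value)


def render(template, ctx):
    """Minimal {{ctx...}} substitution, enough for the subject line above."""
    return re.sub(r"\{\{\s*([\w.]+)\s*\}\}", lambda m: str(lookup(ctx, m.group(1))), template)


def run_watch(log, window_minutes=10, condition=None, now=NOW):
    """One execution: input -> condition -> action.  Returns the email that
    would be sent, or None when the condition does not trigger."""
    condition = condition or {"ctx.payload.hits.total": {"gt": 5}}
    ctx = {"payload": search_input(log, window_minutes=window_minutes, now=now)}
    if not compare_condition(ctx, condition):
        return None
    return {
        "to": "admin@example.com",  # placeholder recipient for the example
        "subject": render("Encountered {{ctx.payload.hits.total}} errors", ctx),
        "body": render("Found {{ctx.payload.hits.total}} ERROR entries in the last 10 minutes", ctx),
        "priority": "high",
    }


if __name__ == "__main__":
    print("gt 5, 10m window :", run_watch(SAMPLE_LOG))
    print("gte 5, 10m window:", run_watch(SAMPLE_LOG, condition={"ctx.payload.hits.total": {"gte": 5}}))
    print("gt 5, no window  :", run_watch(SAMPLE_LOG, window_minutes=None))
```

With the sample log the windowed search finds exactly five errors, so the watch as written (gt 5) sends nothing, while gte 5 does; dropping the window counts seven and fires, and would keep firing on every run because the old errors never leave the result set.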

With that, the log platform is basically set up. Next time we will talk about moving the deployment from a single machine to a cluster and what to watch out for along the way.

You are welcome to follow my personal WeChat public account: Left Hand Code