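I am getting logs from Logstash and sending the messages that contain ERROR to a Riemann server.
Logstash message: "message" => "Jul 10 04:34:47 : [ERROR] [host] Sample abc123"
In Riemann I need to write logic to find whether the same ERROR occurs more than 2 times within 5 minutes for the same sample (i.e. Sample abc123), and then I have to raise an alert / print on the console (for now I am trying to print, for testing).
Below is the logic I wrote to achieve this. Currently it only prints nil instead of the message. Can someone help me here?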
(by [:message]
  ;; over time windows of 5 seconds...
  (fixed-time-window 5
    ;; calculate the average value of the metric and emit an average (summary) event
    (combine folds/mean
      ;; collect the summary event over the last 3 fixed-time-windows
      (moving-event-window 2
        ;; find the summary event with the minimum average metric
        (combine folds/minimum
          (where (> metric 2.0)
            prn
            ;;(email "xyz")
            ))))))
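(It prints the message every 2 seconds if I use only fixed-time-window, whereas I only want to print when the same sample occurs 2 times within 5 minutes.)
Riemann event, for example: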
:service "logstash",
:time 1468920656,
:state "critical",
:host "0.0.0.0",
:ttl nil,
:message "Jul 11 04:34:47 <hostname>: [ERROR] [xyz] - Sample abc123 causes problem for ..."
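
One way to express the rule described above in a Riemann config, as an added example that is not part of the original post. It groups on a sample id extracted from the message rather than on the whole message, since each message also carries its own timestamp. It assumes the id is the token following "Sample "; `sample-id` and the `:sample` field are hypothetical names.

```clojure
; Added example, not the asker's config. Assumes the sample id is the token
; after "Sample " in :message; sample-id and :sample are hypothetical names.
(defn sample-id
  "Returns the id after \"Sample \" in an [ERROR] message (e.g. \"abc123\"), or nil."
  [event]
  (when-let [msg (:message event)]
    (second (re-find #"\[ERROR\].*Sample (\S+)" msg))))

(streams
  ; Tag each ERROR event with its sample id. smap passes nothing on when the
  ; function returns nil, so messages without an id stop here.
  (smap (fn [event]
          (when-let [id (sample-id event)]
            (assoc event :sample id)))
    ; One independent window per sample id.
    (by [:sample]
      ; On every arriving event, emit the vector of events from the last 300 s.
      (moving-time-window 300
        ; Collapse the window to its newest event, carrying the count as :metric.
        (smap (fn [events]
                (when (seq events)
                  (assoc (last events) :metric (clojure.core/count events))))
          ; "More than 2 times" means a count of 3 or higher.
          (where (> metric 2)
            ; At most one alert per sample every 5 minutes.
            (throttle 1 300
              prn)))))))
```

The window is driven by the `:time` field of the events, so the count covers the 300 seconds up to the newest event for that sample.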