Field | Description | Example |
---|---|---|
${RESOURCE_ID} | The internal id (not the cluster_uuid) of the Elasticsearch cluster configured in console.yml | c6abfdovi074mgr185m2 |
${RESOURCE_NAME} | The cluster_name of the Elasticsearch cluster configured in console.yml | es-v710 |
${INFINI_CONSOLE_ENDPOINT} | The host address of the current Console UI | http://192.168.3.201:9000 |
${SLACK_WEBHOOK_ENDPOINT} | The webhook address of the notification channel | https://hooks.slack.com/services/xxx/xxx/xxx |
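Note: The following rule template (usable only after the placeholder variables have been replaced) can be copied directly into Console Command and executed to quickly create a rule. The template sets `"enabled": false`, so the rule is created disabled. The value substituted for `${SLACK_WEBHOOK_ENDPOINT}` is stored in the rule document in `.infini_alert-rule`; treat it as a secret, because anyone who can read that URL can post to the Slack channel.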
#The `id` value in the request body is the same as the `_id` value in the request path
POST .infini_alert-rule/_doc/cal8n7p7h710dpnogps1
{
"id": "cal8n7p7h710dpnogps1",
"created": "2022-06-16T03:11:01.445958361Z",
"updated": "2022-07-22T00:06:26.498903821Z",
"name": "Disk utilization is Too High",
"enabled": false,
"resource": {
"resource_id": "${RESOURCE_ID}",
"resource_name": "${RESOURCE_NAME}",
"type": "elasticsearch",
"objects": [
".infini_metrics*"
],
"filter": {},
"raw_filter": {
"bool": {
"must": [
{
"term": {
"metadata.name": {
"value": "node_stats"
}
}
},
{
"term": {
"metadata.category": {
"value": "elasticsearch"
}
}
}
]
}
},
"time_field": "timestamp",
"context": {
"fields": null
}
},
"metrics": {
"bucket_size": "1m",
"groups": [
{
"field": "metadata.labels.cluster_id",
"limit": 5
},
{
"field": "metadata.labels.node_id",
"limit": 200
}
],
"formula": "((a-b)/a)*100",
"items": [
{
"name": "a",
"field": "payload.elasticsearch.node_stats.fs.data.total_in_bytes",
"statistic": "max"
},
{
"name": "b",
"field": "payload.elasticsearch.node_stats.fs.data.free_in_bytes",
"statistic": "max"
}
],
"format_type": "ratio",
"expression": "((max(payload.elasticsearch.node_stats.fs.data.total_in_bytes)-max(payload.elasticsearch.node_stats.fs.data.free_in_bytes))/max(payload.elasticsearch.node_stats.fs.data.total_in_bytes))*100",
"title": "Disk Utilization is Too High",
"message": "Priority:{{.priority}}\nTimestamp:{{.timestamp | datetime}}\nRuleID:{{.rule_id}}\nEventID:{{.event_id}}\n{{range .results}}\nClusterID:{{index .group_values 0}} ;\nNodeID:{{index .group_values 1}} ;\nDisk Usage:{{.result_value | to_fixed 2}}%;Free Storage:{{.relation_values.b | format_bytes 2}};\n{{end}}"
},
"conditions": {
"operator": "any",
"items": [
{
"minimum_period_match": 5,
"operator": "gte",
"values": [
"85"
],
"priority": "low"
},
{
"minimum_period_match": 5,
"operator": "gte",
"values": [
"90"
],
"priority": "medium"
},
{
"minimum_period_match": 5,
"operator": "gte",
"values": [
"95"
],
"priority": "high"
}
]
},
"channels": {
"enabled": true,
"normal": [
{
"created": "0001-01-01T00:00:00Z",
"updated": "0001-01-01T00:00:00Z",
"name": "Slack",
"type": "webhook",
"webhook": {
"header_params": {
"Content-Type": "application/json"
},
"method": "POST",
"url": "${SLACK_WEBHOOK_ENDPOINT}",
"body": "{\n \"blocks\": [\n {\n \"type\": \"section\",\n \"text\": {\n \"type\": \"mrkdwn\",\n \"text\": \"Incident <${INFINI_CONSOLE_ENDPOINT}#/alerting/alert/{{.event_id}}|#{{.event_id}}> is ongoing\\n{{.title}}\"\n }\n }\n ],\n \"attachments\": [\n {{range .results}}\n {\n \"color\": {{if eq .priority \"critical\"}} \"#C91010\" {{else if eq .priority \"error\"}} \"#EB4C21\" {{else}} \"#FFB449\" {{end}},\n \"blocks\": [\n {\n \"type\": \"section\",\n \"fields\": [\n {\n \"type\": \"mrkdwn\",\n \"text\": \"*Priority:* {{.priority}}\"\n },\n {\n \"type\": \"mrkdwn\",\n \"text\": \"*ClusterID:* {{index .group_values 0}}\"\n },\n {\n \"type\": \"mrkdwn\",\n \"text\": \"*NodeID:* {{index .group_values 1}}\"\n }\n ,\n {\n \"type\": \"mrkdwn\",\n \"text\": \"*Usage:* {{.result_value | to_fixed 2}}%\"\n },\n {\n \"type\": \"mrkdwn\",\n \"text\": \"*Free:* {{.relation_values.b | format_bytes 2}}\"\n },\n {\n \"type\": \"mrkdwn\",\n \"text\": \"*Link:* <${INFINI_CONSOLE_ENDPOINT}#/cluster/overview/{{ index .group_values 0}}/nodes/{{ index .group_values 1}}|View Node Monitoring>\"\n }\n ]\n }\n ]\n },\n {{end}}\n ]\n}"
}
}
],
"throttle_period": "3h",
"accept_time_range": {
"start": "00:00",
"end": "23:59"
}
},
"schedule": {
"interval": "1m"
}
}