Shulou(Shulou.com)06/02 Report--

This article mainly introduces "how to design elasticsearch custom service alarm". In daily operation, I believe many people have doubts about how to design elasticsearch custom service alarm. I have consulted all kinds of materials and sorted out simple and easy operation methods. I hope to help you answer your doubts about "how to design elasticsearch custom service alarm"! Next, please follow the small series to learn together!

There are many interface interactions between system A and system B, but there is a period of time when the interface often reports errors. If the developer cannot know the problem at the first time and solve it in time, he will receive business complaints, and the performance of the month will be cool.

If you have this scenario, then you need a timely alert function.

implementation scheme

There are two scenarios to realize timely alarm:

There is ELK log collection

No ELK log collection

There is no ELK log collection scheme

It's very simple. To set up a log collection environment (O($>_$>)O haha ~), you need to embed hard code in the service code. Every time you catch an exception, you can directly send an alarm message to the alarm platform for alarm.

Schemes with ELK log collection

The core component is elasticsearch. All alarm schemes require alarm logs to be entered into ES, and alarm logs conforming to service specifications (such as ERROR logs) are retrieved from ES at regular intervals. Alarm notifications are triggered if the retrieved alarm logs meet certain conditions.

There are several ways to achieve this:

ES WATCHER This is the official plug-in of elasticsearch. It can provide alerts and notifications according to changes in data. Currently, it is charged. For specific operation configuration, please refer to the official address.

Elastalert is Yelp's python-based alert framework, you can go to GitHub to see how to use it. elastalert

custom development

Custom Development Implementation

It is mainly achieved by the following steps:

Separate alarm logs from service logs

To parse logs in logstash and construct formatted alarm logs, the following key parameters are required: log level, log time, log description, development module, association primary key, request parameters, and response parameters.

The scheduled task retrieves the log that meets the requirements from ES every once in a while, and sends an alarm notification if it is retrieved.

core code

Log formatting We build formatted logs directly on the client side and output them to the log file in the form of json, so that we can use json to parse them directly when parsing logstash. This step is not necessary, you can freely construct the log format, and then use grok syntax to parse it when logstash parsing.

public class AlarmLog { /** Log Level */ private String logLevel; /** Log Description */ private String message; /** The associated primary key generally uses requestId*/ private String refCode; /** Request Parameters */ private String parm; /** Response data */ private String response; /** Develop modules, configure module owners according to this parameter */ private String module; /** Log Time */ private long logTime; ...}

Key Query Specific alarm logs can be retrieved in a separate timer entry using the following query syntax. After retrieval, the specific module responsible person can be found according to the module field in the log, and then an alarm notification can be sent to the responsible person.

public List findRangeLogByLevel(DateTime minRange, DateTime maxRange, String logLevel) { //needs to be cast to lowercase logLevel = logLevel.toLowerCase(); SearchQuery searchQuery = new NativeSearchQueryBuilder() .withQuery(boolQuery() //module must have a value to alarm .must(existsQuery("module")) .must(termQuery("logLevel", logLevel)) .must(rangeQuery("logTime") .from(minRange.getMillis()) .to(maxRange.getMillis()))) .build(); return elasticsearchTemplate.queryForList(searchQuery, LogDoc.class);} This is the end of learning about "How to design custom service alerts for elasticsearch." I hope to solve your doubts. Theory and practice can better match to help everyone learn, go and try it! If you want to continue learning more relevant knowledge, please continue to pay attention to the website, Xiaobian will continue to strive to bring more practical articles for everyone!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.