From fca69165ce810082a3d48152619b1d5212b62dc2 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 28 Jun 2017 15:15:58 +0300 Subject: [PATCH 01/31] adding ability to define multiple import files per rule file --- elastalert/config.py | 50 ++++++++++++++++++++++-------------------- elastalert/schema.yaml | 2 +- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/elastalert/config.py b/elastalert/config.py index 0c6336642..1e0e982a6 100644 --- a/elastalert/config.py +++ b/elastalert/config.py 
@@ -111,34 +111,36 @@ def load_configuration(filename, conf, args=None): def load_rule_yaml(filename): - rule = { - 'rule_file': filename, - } + return add_rule_yaml(filename, {'rule_file': filename}) - while True: - try: - loaded = yaml_loader(filename) - except yaml.scanner.ScannerError as e: - raise EAException('Could not parse file %s: %s' % (filename, e)) - - # Special case for merging filters - if both files specify a filter merge (AND) them - if 'filter' in rule and 'filter' in loaded: - rule['filter'] = loaded['filter'] + rule['filter'] - - loaded.update(rule) - rule = loaded - if 'import' in rule: - # Find the path of the next file. - if os.path.isabs(rule['import']): - filename = rule['import'] - else: - filename = os.path.join(os.path.dirname(filename), rule['import']) - del(rule['import']) # or we could go on forever! - else: - break +def add_rule_yaml(filename, rule): + try: + loaded = yaml_loader(filename) + except yaml.scanner.ScannerError as e: + raise EAException('Could not parse file %s: %s' % (filename, e)) + + # Special case for merging filters - if both files specify a filter merge (AND) them + if 'filter' in rule and 'filter' in loaded: + rule['filter'] = loaded['filter'] + rule['filter'] + + rule.update(loaded) + if 'import' in rule: + current_import = rule['import'] + del(rule['import']) # or we could go on forever! 
+ + if isinstance(current_import, basestring): + add_rule_yaml(rule_file_import_path_to_absolute_path(filename, current_import), rule) + elif isinstance(current_import, list): + for import_target in current_import: + add_rule_yaml(rule_file_import_path_to_absolute_path(filename, import_target), rule) return rule +def rule_file_import_path_to_absolute_path(currently_parsed_file_path, import_file_path): + if os.path.isabs(import_file_path): + return import_file_path + else: + return os.path.join(os.path.dirname(currently_parsed_file_path), import_file_path) def load_options(rule, conf, filename, args=None): """ Converts time objects, sets defaults, and validates some settings. diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index 53d72b314..9a50b6aa9 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -144,7 +144,7 @@ properties: use_strftime_index: {type: boolean} # Optional Settings - import: {type: string} + import: {type: array, items: {type: string}} aggregation: *timeframe realert: *timeframe exponential_realert: *timeframe From f77f22c7a5d9b203666f7fffd08730e7ba82c41c Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Sun, 2 Jul 2017 23:12:48 +0300 Subject: [PATCH 02/31] fixed failing tests --- elastalert/config.py | 40 +++++++++++++++++++++++++++------------- elastalert/schema.yaml | 7 ++++++- 2 files changed, 33 insertions(+), 14 deletions(-) diff --git a/elastalert/config.py b/elastalert/config.py index 1e0e982a6..6433f74ce 100644 --- a/elastalert/config.py +++ b/elastalert/config.py 
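Review bot: The filter merge in add_rule_yaml is undone two lines later: the merged list is stored in `rule['filter']` and then `rule.update(loaded)` overwrites it with `loaded['filter']`, and that same update also inverts the old precedence, where the importing file's keys won over the imported file's (the removed code did `loaded.update(rule)`). The recursion has no cycle guard — deleting `import` from the merged dict does not stop file A importing B importing A, which now ends in a RecursionError instead of the old infinite loop. An `import` value that is neither a string nor a list is silently ignored; an `else: raise EAException('Invalid import in %s' % filename)` branch would surface the misconfiguration. The next patch in this series reworks the merge into merge_rules.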
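Review bot: The schema now only accepts an array for `import`, while add_rule_yaml in the same commit still handles the `basestring` form, so every existing rule file with `import: some_file.yaml` fails validation even though the loader would accept it. Declaring both forms keeps old rule files valid, e.g. `import: {anyOf: [{type: string}, {type: array, items: {type: string}}]}`.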
@@ -113,28 +113,41 @@ def load_configuration(filename, conf, args=None): def load_rule_yaml(filename): return add_rule_yaml(filename, {'rule_file': filename}) -def add_rule_yaml(filename, rule): + +def add_rule_yaml(filename, parent_rule): try: - loaded = yaml_loader(filename) + loaded_rule = yaml_loader(filename) except yaml.scanner.ScannerError as e: raise EAException('Could not parse file %s: %s' % (filename, e)) - # Special case for merging filters - if both files specify a filter merge (AND) them - if 'filter' in rule and 'filter' in loaded: - rule['filter'] = loaded['filter'] + rule['filter'] - - rule.update(loaded) - if 'import' in rule: - current_import = rule['import'] - del(rule['import']) # or we could go on forever! + if 'import' in loaded_rule: + current_import = loaded_rule['import'] + del(loaded_rule['import']) # or we could go on forever! + child_rules = {} if isinstance(current_import, basestring): - add_rule_yaml(rule_file_import_path_to_absolute_path(filename, current_import), rule) + child_rules = add_rule_yaml(rule_file_import_path_to_absolute_path(filename, current_import), child_rules) elif isinstance(current_import, list): for import_target in current_import: - add_rule_yaml(rule_file_import_path_to_absolute_path(filename, import_target), rule) + child_rules = add_rule_yaml(rule_file_import_path_to_absolute_path(filename, import_target), child_rules) + loaded_rule = merge_rules(loaded_rule, child_rules) + + loaded_rule = merge_rules(parent_rule, loaded_rule) + return loaded_rule + + +def merge_rules(parent_rule, child_rule): + # Special case for merging filters - if both files specify a filter merge (AND) them + merged_filter = None + if 'filter' in parent_rule and 'filter' in child_rule: + merged_filter = child_rule['filter'] + parent_rule['filter'] + + child_rule.update(parent_rule) + if merged_filter is not None: + child_rule['filter'] = merged_filter + + return child_rule - return rule def 
rule_file_import_path_to_absolute_path(currently_parsed_file_path, import_file_path): if os.path.isabs(import_file_path): @@ -142,6 +155,7 @@ def rule_file_import_path_to_absolute_path(currently_parsed_file_path, import_fi else: return os.path.join(os.path.dirname(currently_parsed_file_path), import_file_path) + def load_options(rule, conf, filename, args=None): """ Converts time objects, sets defaults, and validates some settings. diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index 9a50b6aa9..99d8a7d8b 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -144,7 +144,12 @@ properties: use_strftime_index: {type: boolean} # Optional Settings - import: {type: array, items: {type: string}} + import: + anyOf: + - type: array + items: + type: string + - type: string aggregation: *timeframe realert: *timeframe exponential_realert: *timeframe From 93417ca3a4ee0aaade86ca1a55d68e87ac56f97b Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Mon, 3 Jul 2017 11:02:03 +0300 Subject: [PATCH 03/31] adding test coverage for multi file imports --- tests/config_test.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/config_test.py b/tests/config_test.py index 459ef42dc..40bb8dc49 100644 --- a/tests/config_test.py +++ b/tests/config_test.py 
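Review bot: With several imports, precedence is the reverse of what a reader would expect: each iteration does `child_rules = add_rule_yaml(path, child_rules)`, and merge_rules gives the accumulated `parent_rule` priority over the newly loaded file, so the first import listed wins over later ones, while filters from all imports are concatenated in list order. Nothing documents this; add_rule_yaml and merge_rules both need a docstring stating that the importing file overrides its imports and that earlier imports override later ones. merge_rules also mutates and returns `child_rule`, which its docstring should say since callers reuse the dict they pass in. The `isinstance(current_import, basestring)` check keeps the loader Python 2-only, and a value of any other type still falls through silently.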
@@ -93,6 +93,32 @@ def test_import_import(): assert rules['filter'] == import_rule['filter'] +def test_multi_imports(): + import_rule = copy.deepcopy(test_rule) + del(import_rule['es_host']) + del(import_rule['es_port']) + import_rule['import'] = [ + 'import_me_1.ymlt', + 'import_me_2.ymlt', + ] + import_me_1 = { + 'es_host': 'imported_host', + } + import_me_2 = { + 'es_port': 12349, + } + + with mock.patch('elastalert.config.yaml_loader') as mock_open: + mock_open.side_effect = [import_rule, import_me_1, import_me_2] + rules = load_configuration('blah.yaml', test_config) + assert mock_open.call_args_list[0][0] == ('blah.yaml',) + assert mock_open.call_args_list[1][0] == ('import_me_1.ymlt',) + assert mock_open.call_args_list[2][0] == ('import_me_2.ymlt',) + assert len(mock_open.call_args_list) == 3 + assert rules['es_port'] == 12349 + assert rules['es_host'] == 'imported_host' + + def test_import_absolute_import(): import_rule = copy.deepcopy(test_rule) del(import_rule['es_host']) From eef4ccf6a1b0c5776a6a98faa168a6e2c2390a12 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 14:24:29 +0300 Subject: [PATCH 04/31] adding the function and the calling - leaving sample sending 11 --- elastalert/elastalert.py | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index e71f92cb1..22aedac33 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -13,7 +13,7 @@ from email.mime.text import MIMEText from smtplib import SMTP from smtplib import SMTPException -from socket import error +from socket import error, socket, AF_INET, SOCK_DGRAM import dateutil.tz import kibana 
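Review bot: test_multi_imports only checks that disjoint keys from the two imported files both land in the result; it never exercises two imports that define the same key, so the precedence between imports is left unpinned and can change without a failing test. A case where `import_me_1` and `import_me_2` both set `es_port` to different values, with an assertion on which one survives, would document the intended order. The same applies to a `filter` defined in both imports, since merge_rules concatenates those rather than overriding.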
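Review bot: Binding `socket` to the class via `from socket import error, socket, AF_INET, SOCK_DGRAM` means module-level helpers such as `socket.gethostbyname` are not reachable through that name in this file; [PATCH 11/31] and [PATCH 12/31] later call exactly that and would raise AttributeError. A plain `import socket` (which the series eventually adopts) avoids the ambiguity, with `socket.socket(socket.AF_INET, socket.SOCK_DGRAM)` at the call site.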
@@ -152,6 +152,7 @@ def __init__(self, args): self.disabled_rules = [] self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) + self.statsd_addr = ('statsd', 8125) self.writeback_es = elasticsearch_client(self.conf) self._es_version = None @@ -1101,6 +1102,17 @@ def wait_until_responsive(self, timeout, clock=timeit.default_timer): ) exit(1) + def send_via_udp(_dict, addr): + """ + Sends key/value pairs via UDP. + >>> self.send_via_udp({"example.send":"11|c"}, ("127.0.0.1", 8125)) + """ + + udp_sock = socket(AF_INET, SOCK_DGRAM) + + for item in _dict.items(): + udp_sock.sendto(":".join(item).encode('utf-8'), addr) + def run_all_rules(self): """ Run each rule one time """ self.send_pending_alerts() 
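Review bot: The statsd destination `('statsd', 8125)` is hard-coded in __init__ rather than read from `self.conf`, so every deployment must provide a host literally named `statsd` and there is no way to turn the export off; `self.statsd_addr = (self.conf.get('statsd_host', 'statsd'), self.conf.get('statsd_port', 8125))` keeps the default while making it configurable. The same hard-coding recurs in [PATCH 05/31] (inline tuples), [PATCH 09/31] (`statsd_exporter`) and [PATCH 15/31] (`StatsClient(host='statsd_exporter', port=8125, ...)`).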
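Review bot: `send_via_udp(_dict, addr)` is defined inside the class without `self`, so `self.send_via_udp(...)` in run_all_rules fails with a TypeError; [PATCH 08/31] adds the parameter. Independently, the socket created per call is never closed, so each rule run leaks one file descriptor per metric; wrap it as `udp_sock = socket(AF_INET, SOCK_DGRAM)` / `try: ... finally: udp_sock.close()`, or create a single socket in __init__. `":".join(item)` also requires both key and value to be strings, which the docstring example shows but the signature does not state; add `:param _dict: mapping of metric name to a statsd-formatted str value, e.g. "11|c"` to the docstring.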
@@ -1129,6 +1141,30 @@ def run_all_rules(self): elastalert_logger.info("Ran %s from %s to %s: %s query hits (%s already seen), %s matches," " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) + + # TO_DELETE + self.send_via_udp({"sample_query.hits":"11|g"}, self.statsd_addr) + elastalert_logger.info("metrics sent sample_query hits statsd exporter") + # TO_DELETE + + + hits_gauge = total_hits +"|g" + self.send_via_udp({"gauge_query.hits":hits_gauge}, self.statsd_addr) + elastalert_logger.info("metrics sent gauge_query hits statsd exporter") + + dupes_gauge = self.num_dupes +"|g" + self.send_via_udp({"gauge_already_seen.hits":dupes_gauge}, self.statsd_addr) + elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") + + matches_gauge = num_matches +"|g" + self.send_via_udp({"gauge_query.matches":matches_gauge}, self.statsd_addr) + elastalert_logger.info("metrics sent gauge_query matches statsd exporter") + + alerts_gauge = self.alerts_sent +"|g" + self.send_via_udp({"gauge_query.alerts_sent":alerts_gauge}, self.statsd_addr) + elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") + + self.alerts_sent = 0 if next_run < datetime.datetime.utcnow(): From 91cd3de0bc94dc56491e0924746bd7037957d556 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 14:53:12 +0300 Subject: [PATCH 05/31] change from addr var to raw inpute --- elastalert/elastalert.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 22aedac33..3ab12b044 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
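Review bot: `total_hits +"|g"` (and the three sibling lines for num_dupes, num_matches and alerts_sent) concatenate an int with a str and raise TypeError on the first rule run; `str(total_hits) + "|g"` is needed, as [PATCH 10/31] later does. The sends are also unguarded: a failed name lookup for `statsd` raises socket.gaierror out of run_all_rules and aborts the loop over the remaining rules, turning an optional metrics sink into a hard dependency of alerting, so wrap the block in `try: ... except error: elastalert_logger.warning(...)` (the `error` name is already imported from socket). The `# TO_DELETE` sample send and its info-level log line should not be committed. run_all_rules continues outside the hunk.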
@@ -1143,25 +1143,26 @@ def run_all_rules(self): total_hits, self.num_dupes, num_matches, self.alerts_sent)) # TO_DELETE - self.send_via_udp({"sample_query.hits":"11|g"}, self.statsd_addr) + #self.statsd_addr = ('statsd', 8125) + self.send_via_udp({"sample_query.hits":"11|g"}, ('statsd', 8125)) elastalert_logger.info("metrics sent sample_query hits statsd exporter") # TO_DELETE hits_gauge = total_hits +"|g" - self.send_via_udp({"gauge_query.hits":hits_gauge}, self.statsd_addr) + self.send_via_udp({"gauge_query.hits":hits_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_query hits statsd exporter") dupes_gauge = self.num_dupes +"|g" - self.send_via_udp({"gauge_already_seen.hits":dupes_gauge}, self.statsd_addr) + self.send_via_udp({"gauge_already_seen.hits":dupes_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") matches_gauge = num_matches +"|g" - self.send_via_udp({"gauge_query.matches":matches_gauge}, self.statsd_addr) + self.send_via_udp({"gauge_query.matches":matches_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_query matches statsd exporter") alerts_gauge = self.alerts_sent +"|g" - self.send_via_udp({"gauge_query.alerts_sent":alerts_gauge}, self.statsd_addr) + self.send_via_udp({"gauge_query.alerts_sent":alerts_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") From 4688bce7bdb08631dd0631eeea3c242ac96144fb Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 15:06:00 +0300 Subject: [PATCH 06/31] not taking my zip! --- elastalert/elastalert.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 3ab12b044..3aa296afa 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1144,25 +1144,25 @@ def run_all_rules(self): # TO_DELETE #self.statsd_addr = ('statsd', 8125) - self.send_via_udp({"sample_query.hits":"11|g"}, ('statsd', 8125)) + #self.send_via_udp({"sample_query.hits":"11|g"}, ('statsd', 8125)) elastalert_logger.info("metrics sent sample_query hits statsd exporter") # TO_DELETE hits_gauge = total_hits +"|g" - self.send_via_udp({"gauge_query.hits":hits_gauge}, ('statsd', 8125)) + #self.send_via_udp({"gauge_query.hits":hits_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_query hits statsd exporter") dupes_gauge = self.num_dupes +"|g" - self.send_via_udp({"gauge_already_seen.hits":dupes_gauge}, ('statsd', 8125)) + #self.send_via_udp({"gauge_already_seen.hits":dupes_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") matches_gauge = num_matches +"|g" - self.send_via_udp({"gauge_query.matches":matches_gauge}, ('statsd', 8125)) + #self.send_via_udp({"gauge_query.matches":matches_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_query matches statsd exporter") alerts_gauge = self.alerts_sent +"|g" - self.send_via_udp({"gauge_query.alerts_sent":alerts_gauge}, ('statsd', 8125)) + #self.send_via_udp({"gauge_query.alerts_sent":alerts_gauge}, ('statsd', 8125)) elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") From d653455e9baee9244ab95248094c23ecfc1f4981 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 15:06:43 +0300 Subject: [PATCH 07/31] not taking my zip! --- elastalert/elastalert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 3aa296afa..543e72ae7 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1144,7 +1144,7 @@ def run_all_rules(self): # TO_DELETE #self.statsd_addr = ('statsd', 8125) - #self.send_via_udp({"sample_query.hits":"11|g"}, ('statsd', 8125)) + self.send_via_udp({"sample_query.hits":"11|g"}, ('statsd', 8125)) elastalert_logger.info("metrics sent sample_query hits statsd exporter") # TO_DELETE From dc6474674daf10c744789d2a546deb6b46030cda Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 15:32:00 +0300 Subject: [PATCH 08/31] self --- elastalert/elastalert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 543e72ae7..9e6f81b21 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -1102,7 +1102,7 @@ def wait_until_responsive(self, timeout, clock=timeit.default_timer): ) exit(1) - def send_via_udp(_dict, addr): + def send_via_udp(self, _dict, addr): """ Sends key/value pairs via UDP. >>> self.send_via_udp({"example.send":"11|c"}, ("127.0.0.1", 8125)) From 494e072b3efd1afa081fe220eb502d578b67a4ed Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 15:39:59 +0300 Subject: [PATCH 09/31] function --- elastalert/elastalert.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 9e6f81b21..9ade6d53c 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -152,7 +152,7 @@ def __init__(self, args): self.disabled_rules = [] self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) - self.statsd_addr = ('statsd', 8125) + self.statsd_addr = ('statsd_exporter', 8125) self.writeback_es = elasticsearch_client(self.conf) self._es_version = None 
@@ -1143,8 +1143,7 @@ def run_all_rules(self): total_hits, self.num_dupes, num_matches, self.alerts_sent)) # TO_DELETE - #self.statsd_addr = ('statsd', 8125) - self.send_via_udp({"sample_query.hits":"11|g"}, ('statsd', 8125)) + self.send_via_udp({"sample_query.hits":"11|g"}, self.statsd_addr) elastalert_logger.info("metrics sent sample_query hits statsd exporter") # TO_DELETE From 8f6590376158f9dcb96f169a72f6ac26ad976742 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 15:56:57 +0300 Subject: [PATCH 10/31] send the real metrics --- elastalert/elastalert.py | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 9ade6d53c..93a7cc8c9 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1142,29 +1142,18 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - # TO_DELETE - self.send_via_udp({"sample_query.hits":"11|g"}, self.statsd_addr) - elastalert_logger.info("metrics sent sample_query hits statsd exporter") - # TO_DELETE - - - hits_gauge = total_hits +"|g" - #self.send_via_udp({"gauge_query.hits":hits_gauge}, ('statsd', 8125)) + self.send_via_udp({"gauge_query.hits":str(total_hits) + "|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query hits statsd exporter") - dupes_gauge = self.num_dupes +"|g" - #self.send_via_udp({"gauge_already_seen.hits":dupes_gauge}, ('statsd', 8125)) + self.send_via_udp({"gauge_already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") - matches_gauge = num_matches +"|g" - #self.send_via_udp({"gauge_query.matches":matches_gauge}, ('statsd', 8125)) + self.send_via_udp({"gauge_query.matches":str(num_matches) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query matches statsd exporter") - alerts_gauge = self.alerts_sent +"|g" - #self.send_via_udp({"gauge_query.alerts_sent":alerts_gauge}, ('statsd', 8125)) + self.send_via_udp({"gauge_query.alerts_sent":str(self.alerts_sent) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") - self.alerts_sent = 0 if next_run < datetime.datetime.utcnow(): From a028d8e3f460cccb69ee1807bf4fbeb1871e4846 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 15:59:00 +0300 Subject: [PATCH 11/31] myip --- elastalert/elastalert.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 93a7cc8c9..1c589c263 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
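Review bot: The four gauge names carry no rule identity even though this code runs once per rule inside run_all_rules (the log line above it formats `rule['name']`), so with more than one rule per run each rule's values overwrite the previous rule's under the same key and the exported numbers only ever reflect the last rule. Either include the rule name in the metric key or as a tag, which [PATCH 21/31] eventually does. Each metric still goes out in its own datagram with no error handling around the send.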
@@ -1142,7 +1142,9 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - self.send_via_udp({"gauge_query.hits":str(total_hits) + "|g"}, self.statsd_addr) + myip = socket.gethostbyname(socket.gethostname()) + + self.send_via_udp({"gauge_query.hits."+ str(myip):str(total_hits) + "|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query hits statsd exporter") self.send_via_udp({"gauge_already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) From 0b4295f6ce7c8ebb10e84c632172b7e61cf49b35 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 16:28:58 +0300 Subject: [PATCH 12/31] socket.socker --- elastalert/elastalert.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 1c589c263..8def25c16 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
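Review bot: `socket.gethostbyname(socket.gethostname())` fails here with AttributeError, because `socket` in this module is the class bound by `from socket import error, socket, AF_INET, SOCK_DGRAM` ([PATCH 04/31]), not the module; [PATCH 12/31]'s `socket.socket.gethostbyname` has the same problem. Using the IP address as a metric-name component also injects dots into the statsd path (`gauge_query.hits.<ip>`), which breaks the name hierarchy for consumers that split on `.`; a hostname prefix or tag is the usual approach, which [PATCH 19/31] adopts.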
@@ -1142,18 +1142,18 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - myip = socket.gethostbyname(socket.gethostname()) + localhost_ip = socket.socket.gethostbyname(socket.gethostname()) - self.send_via_udp({"gauge_query.hits."+ str(myip):str(total_hits) + "|g"}, self.statsd_addr) + self.send_via_udp({"gauge_query.hits." + str(localhost_ip):str(total_hits) + "|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query hits statsd exporter") - self.send_via_udp({"gauge_already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) + self.send_via_udp({"gauge_already_seen.hits" + str(localhost_ip):str(self.num_dupes) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") - self.send_via_udp({"gauge_query.matches":str(num_matches) +"|g"}, self.statsd_addr) + self.send_via_udp({"gauge_query.matches" + str(localhost_ip):str(num_matches) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query matches statsd exporter") - self.send_via_udp({"gauge_query.alerts_sent":str(self.alerts_sent) +"|g"}, self.statsd_addr) + self.send_via_udp({"gauge_query.alerts_sent" + str(localhost_ip):str(self.alerts_sent) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") self.alerts_sent = 0 From c8bd8bdf73c5f1bd3ae736620171da3dbbe9c135 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 16:43:58 +0300 Subject: [PATCH 13/31] without ip --- elastalert/elastalert.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 8def25c16..fc52b8e8c 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1142,18 +1142,16 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - localhost_ip = socket.socket.gethostbyname(socket.gethostname()) - - self.send_via_udp({"gauge_query.hits." + str(localhost_ip):str(total_hits) + "|g"}, self.statsd_addr) + self.send_via_udp({"gauge_query.hits.":str(total_hits) + "|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query hits statsd exporter") - self.send_via_udp({"gauge_already_seen.hits" + str(localhost_ip):str(self.num_dupes) +"|g"}, self.statsd_addr) + self.send_via_udp({"gauge_already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") - self.send_via_udp({"gauge_query.matches" + str(localhost_ip):str(num_matches) +"|g"}, self.statsd_addr) + self.send_via_udp({"gauge_query.matches":str(num_matches) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query matches statsd exporter") - self.send_via_udp({"gauge_query.alerts_sent" + str(localhost_ip):str(self.alerts_sent) +"|g"}, self.statsd_addr) + self.send_via_udp({"gauge_query.alerts_sent":str(self.alerts_sent) +"|g"}, self.statsd_addr) elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") self.alerts_sent = 0 From c849493042589e0d774d659e709d9d61c84e0e0a Mon Sep 17 00:00:00 2001 From: shir menaya Date: Tue, 31 Jul 2018 16:53:08 +0300 Subject: [PATCH 14/31] done --- elastalert/elastalert.py | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index fc52b8e8c..1b3daa800 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
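Review bot: Removing the IP suffix left a trailing dot in `"gauge_query.hits."`, while the three sibling metrics have none, so this gauge is published under an inconsistent name; `"gauge_query.hits"` is intended. The trailing dot survives the rename in [PATCH 14/31] as `"query.hits."`.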
@@ -1142,17 +1142,10 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - self.send_via_udp({"gauge_query.hits.":str(total_hits) + "|g"}, self.statsd_addr) - elastalert_logger.info("metrics sent gauge_query hits statsd exporter") - - self.send_via_udp({"gauge_already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) - elastalert_logger.info("metrics sent gauge_already_seen hits statsd exporter") - - self.send_via_udp({"gauge_query.matches":str(num_matches) +"|g"}, self.statsd_addr) - elastalert_logger.info("metrics sent gauge_query matches statsd exporter") - - self.send_via_udp({"gauge_query.alerts_sent":str(self.alerts_sent) +"|g"}, self.statsd_addr) - elastalert_logger.info("metrics sent gauge_query alerts_sent statsd exporter") + self.send_via_udp({"query.hits.":str(total_hits) + "|g"}, self.statsd_addr) + self.send_via_udp({"already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) + self.send_via_udp({"query.matches":str(num_matches) +"|g"}, self.statsd_addr) + self.send_via_udp({"query.alerts_sent":str(self.alerts_sent) +"|g"}, self.statsd_addr) self.alerts_sent = 0 From 1ca9c2aa6b95a1435686b8d9a6834aadfea817b9 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Wed, 1 Aug 2018 12:34:18 +0300 Subject: [PATCH 15/31] using statd StatsClient and adding conatiner name to the metrics --- .travis.yml | 2 +- elastalert/elastalert.py | 30 ++++++++++++++---------------- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/.travis.yml b/.travis.yml index 363e4f6eb..d2f119bb1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ env: - TOXENV=docs - TOXENV=py27 install: -- pip install urllib3 tox +- pip install urllib3 tox statsd dnspython script: make test deploy: provider: pypi diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 1b3daa800..e75b0e113 100755 --- a/elastalert/elastalert.py 
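Review bot: `statsd` and `dnspython` become runtime imports of elastalert/elastalert.py in this commit, but they are added only to the CI `pip install` line and not to the project's declared dependencies (setup.py / requirements are untouched anywhere in this series), so a packaged install fails at import time while CI stays green. Both are also unpinned, so CI resolves whatever version is current on each run. [PATCH 22/31] adds `statsd-tags` the same way.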
+++ b/elastalert/elastalert.py @@ -14,6 +14,8 @@ from smtplib import SMTP from smtplib import SMTPException from socket import error, socket, AF_INET, SOCK_DGRAM +from statsd import StatsClient +import dns.resolver,dns.reversename import dateutil.tz import kibana @@ -152,7 +154,14 @@ def __init__(self, args): self.disabled_rules = [] self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) - self.statsd_addr = ('statsd_exporter', 8125) + self.host_ip = [l for l in ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] + if not ip.startswith("127.")][:1], [[(s.connect(('8.8.8.8', 53)), + s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, + socket.SOCK_DGRAM)]][0][1]]) if l][0][0] + self.statsd_prefix = str(dns.resolver.query(dns.reversename.from_address(self.host_ip),"PTR")[0]) + self.statsd = StatsClient(host='statsd_exporter', + port=8125, + prefix=self.statsd_prefix) self.writeback_es = elasticsearch_client(self.conf) self._es_version = None @@ -1102,17 +1111,6 @@ def wait_until_responsive(self, timeout, clock=timeit.default_timer): ) exit(1) - def send_via_udp(self, _dict, addr): - """ - Sends key/value pairs via UDP. - >>> self.send_via_udp({"example.send":"11|c"}, ("127.0.0.1", 8125)) - """ - - udp_sock = socket(AF_INET, SOCK_DGRAM) - - for item in _dict.items(): - udp_sock.sendto(":".join(item).encode('utf-8'), addr) - def run_all_rules(self): """ Run each rule one time """ self.send_pending_alerts() 
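Review bot: The `self.host_ip` expression in __init__ opens a UDP socket to the external resolver `8.8.8.8:53` at startup to learn the outbound address, then issues a reverse PTR lookup and uses the answer as the metrics prefix; both steps run unconditionally, and a blocked egress path or a host without a PTR record makes the call raise out of __init__ before any rule runs. `socket.gethostname()` (which [PATCH 19/31] switches to) gives a prefix with no network dependence. `StatsClient(host='statsd_exporter', port=8125, ...)` is again hard-coded rather than read from `self.conf`, and the one-line nested comprehension is very hard to read; if the IP is really needed, a small helper with a try/except around the connect and an explicit `finally: s.close()` is clearer. `import dns.resolver,dns.reversename` should be one import per line.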
@@ -1142,10 +1140,10 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - self.send_via_udp({"query.hits.":str(total_hits) + "|g"}, self.statsd_addr) - self.send_via_udp({"already_seen.hits":str(self.num_dupes) +"|g"}, self.statsd_addr) - self.send_via_udp({"query.matches":str(num_matches) +"|g"}, self.statsd_addr) - self.send_via_udp({"query.alerts_sent":str(self.alerts_sent) +"|g"}, self.statsd_addr) + self.statsd.gauge('query.hits', total_hits) + self.statsd.gauge('already_seen.hits', self.num_dupes) + self.statsd.gauge('query.matches', num_matches) + self.statsd.gauge('query.alerts_sent', self.alerts_sent) self.alerts_sent = 0 From 858681cf6314d771951585e16a198e1b3017641d Mon Sep 17 00:00:00 2001 From: shir menaya Date: Wed, 1 Aug 2018 12:49:21 +0300 Subject: [PATCH 16/31] import socket --- elastalert/elastalert.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index e75b0e113..43d875306 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -10,10 +10,11 @@ import time import timeit import traceback +import socket from email.mime.text import MIMEText from smtplib import SMTP from smtplib import SMTPException -from socket import error, socket, AF_INET, SOCK_DGRAM +#from socket import error, socket, AF_INET, SOCK_DGRAM from statsd import StatsClient import dns.resolver,dns.reversename From e2ff9ceeb2b89657e4f3b0affbed3136702d3ff7 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Wed, 1 Aug 2018 13:00:33 +0300 Subject: [PATCH 17/31] delete from socket --- elastalert/elastalert.py | 1 - 1 file changed, 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 43d875306..4c7234a00 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -14,7 +14,6 @@ from email.mime.text import MIMEText from smtplib import SMTP from smtplib import SMTPException -#from socket import error, socket, AF_INET, SOCK_DGRAM from statsd import StatsClient import dns.resolver,dns.reversename From f238a03aca605d9cfa6378d4868a5ae774bf7656 Mon Sep 17 00:00:00 2001 From: shirpx <33197846+shirpx@users.noreply.github.com> Date: Sun, 5 Aug 2018 16:24:23 +0300 Subject: [PATCH 18/31] Update .travis.yml --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d2f119bb1..937b027d3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ env: - TOXENV=docs - TOXENV=py27 install: -- pip install urllib3 tox statsd dnspython +- pip install urllib3 tox statsd script: make test deploy: provider: pypi From 76fd5f27e8914768f82564dbf759caf25247548b Mon Sep 17 00:00:00 2001 From: shir menaya Date: Sun, 5 Aug 2018 16:27:07 +0300 Subject: [PATCH 19/31] hostname --- elastalert/elastalert.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 4c7234a00..5a95a050b 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -154,11 +154,7 @@ def __init__(self, args): self.disabled_rules = [] self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) - self.host_ip = [l for l in ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] - if not ip.startswith("127.")][:1], [[(s.connect(('8.8.8.8', 53)), - s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, - socket.SOCK_DGRAM)]][0][1]]) if l][0][0] - self.statsd_prefix = str(dns.resolver.query(dns.reversename.from_address(self.host_ip),"PTR")[0]) + self.statsd_prefix = socket.gethostname() self.statsd = StatsClient(host='statsd_exporter', port=8125, prefix=self.statsd_prefix) 
From f3576d300935ccb9a51a5495f73942dd0b36aa99 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Sun, 5 Aug 2018 16:27:36 +0300 Subject: [PATCH 20/31] dns --- elastalert/elastalert.py | 1 - 1 file changed, 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 5a95a050b..67b05213d 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -15,7 +15,6 @@ from smtplib import SMTP from smtplib import SMTPException from statsd import StatsClient -import dns.resolver,dns.reversename import dateutil.tz import kibana From 40ccda52e4614996c14a927561e679b7dc600d67 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 19:08:43 +0300 Subject: [PATCH 21/31] adding statsd-tags --- elastalert/elastalert.py | 10 +++++----- src/pip-delete-this-directory.txt | 5 +++++ src/statsd-telegraf | 1 + 3 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 src/pip-delete-this-directory.txt create mode 160000 src/statsd-telegraf diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 67b05213d..700162d8e 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -11,10 +11,10 @@ import timeit import traceback import socket +import statsd from email.mime.text import MIMEText from smtplib import SMTP from smtplib import SMTPException -from statsd import StatsClient import dateutil.tz import kibana 
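Review bot: Replacing `from statsd import StatsClient` with `import statsd` leaves the unqualified `StatsClient(host='statsd_exporter', ...)` call in __init__ (unchanged since [PATCH 19/31]) without a binding, so constructing ElastAlerter raises NameError; either keep the from-import or change the call to `statsd.StatsClient(...)`. The `tags=` keyword used in run_all_rules in this same commit assumes the `statsd-tags` variant rather than the `statsd` package CI also installs; presumably both provide the `statsd` import name, so whichever installs last wins — worth pinning down which one is intended.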
@@ -1135,10 +1135,10 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - self.statsd.gauge('query.hits', total_hits) - self.statsd.gauge('already_seen.hits', self.num_dupes) - self.statsd.gauge('query.matches', num_matches) - self.statsd.gauge('query.alerts_sent', self.alerts_sent) + self.statsd.gauge('query.hits', total_hits, tags = {"rule_name": rule['name']}) + self.statsd.gauge('already_seen.hits', self.num_dupes, tags = {"rule_name": rule['name']}) + self.statsd.gauge('query.matches', num_matches, tags = {"rule_name": rule['name']}) + self.statsd.gauge('query.alerts_sent', self.alerts_sent, tags = {"rule_name": rule['name']}) self.alerts_sent = 0 diff --git a/src/pip-delete-this-directory.txt b/src/pip-delete-this-directory.txt new file mode 100644 index 000000000..c8883ea99 --- /dev/null +++ b/src/pip-delete-this-directory.txt @@ -0,0 +1,5 @@ +This file is placed here by pip to indicate the source was put +here by pip. + +Once this package is successfully installed this source code will be +deleted (unless you remove this file). diff --git a/src/statsd-telegraf b/src/statsd-telegraf new file mode 160000 index 000000000..e6f1f946a --- /dev/null +++ b/src/statsd-telegraf @@ -0,0 +1 @@ +Subproject commit e6f1f946a78a08ac9d015c126012ec12499c5cfc From 428126fb885edfc7c1e8e00f7f2bd802efd6cbdd Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 19:11:19 +0300 Subject: [PATCH 22/31] adding statsd-tags --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 937b027d3..47a85c791 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ env: - TOXENV=docs - TOXENV=py27 install: -- pip install urllib3 tox statsd +- pip install urllib3 tox statsd statsd-tags script: make test deploy: provider: pypi From 8959b85f953e437b5e2182ec16fd4407ac67f831 Mon Sep 17 00:00:00 2001 
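Review bot: The `tags={"rule_name": rule['name']}` keyword added to the four `gauge()` calls is not accepted by the stock `statsd` package (`gauge(stat, value, rate=1, delta=False)`), so with the `import statsd` that this commit introduces every pass through `run_all_rules` raises `TypeError` unless the tagging fork is installed; that fork is only added to `.travis.yml` in the next commit and never to `setup.py` or `requirements.txt`, so a plain `pip install elastalert` gets the crashing combination. Separately, `rule['name']` is operator-supplied free text dropped straight into the tag value, and the tagged statsd line format uses `,`, `=`, `:` and `|` as separators, so a rule name containing one of them would corrupt the packet (presumably silently, since it is UDP); sanitise once before the four calls, e.g. `rule_tag = {"rule_name": re.sub(r'[,=:|\s]', '_', rule['name'])}`, and pass `tags=rule_tag`. `run_all_rules` continues outside the hunk on both sides.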
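Review bot: `src/pip-delete-this-directory.txt` and the `src/statsd-telegraf` gitlink added in this commit are artefacts of a local `pip install -e git+...` checkout, not project sources — the text file itself says pip placed it there — and the diffstat shows no `.gitmodules` change, so a fresh clone cannot resolve the submodule pointer `e6f1f946a` at all. Remove both from the commit (`git rm --cached src/statsd-telegraf src/pip-delete-this-directory.txt`) and add `src/` to `.gitignore`; if a fork of the statsd client is really required, declare it in `setup.py`/`requirements.txt` as a pinned dependency rather than vendoring an unresolvable gitlink.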
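Review bot: `pip install urllib3 tox statsd statsd-tags` declares a runtime dependency only in CI: the `tags=` keyword used in `elastalert.py` comes from `statsd-tags`, but neither `setup.py` nor `requirements.txt` is touched in this series, so production installs will get the stock client and fail at the first `gauge()` call. Both packages are also installed unpinned and, as far as I can tell, both provide the top-level `statsd` module, so which implementation wins depends on install order — pin the fork (`statsd-tags==<version>`) in the package metadata, drop plain `statsd` if the fork replaces it, and let `tox`/`make test` install from there rather than from this ad-hoc list.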
From: shir menaya Date: Mon, 6 Aug 2018 19:23:25 +0300 Subject: [PATCH 23/31] client --- elastalert/elastalert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 700162d8e..935723136 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -154,7 +154,7 @@ def __init__(self, args): self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) self.statsd_prefix = socket.gethostname() - self.statsd = StatsClient(host='statsd_exporter', + self.statsd = statsd.StatsClient(host='statsd_exporter', port=8125, prefix=self.statsd_prefix) From 0375b423b094b9043292bd855c931e0cdc582ba5 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 19:27:32 +0300 Subject: [PATCH 24/31] Test:s --- elastalert/elastalert.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 935723136..8583e9bf3 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1135,10 +1135,10 @@ def run_all_rules(self): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - self.statsd.gauge('query.hits', total_hits, tags = {"rule_name": rule['name']}) - self.statsd.gauge('already_seen.hits', self.num_dupes, tags = {"rule_name": rule['name']}) - self.statsd.gauge('query.matches', num_matches, tags = {"rule_name": rule['name']}) - self.statsd.gauge('query.alerts_sent', self.alerts_sent, tags = {"rule_name": rule['name']}) + self.statsd.gauge('query.hits', total_hits, tags={"rule_name": rule['name']}) + self.statsd.gauge('already_seen.hits', self.num_dupes,tags={"rule_name": rule['name']}) + self.statsd.gauge('query.matches', num_matches, tags={"rule_name": rule['name']}) + self.statsd.gauge('query.alerts_sent', self.alerts_sent, tags={"test":"shir", "rule_name": rule['name']}) self.alerts_sent = 0 From 464148fbe970cba5fcee7f1263c3ebc7635ec9e7 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 19:29:32 +0300 Subject: [PATCH 25/31] Test:s --- elastalert/elastalert.py | 1 + 1 file changed, 1 insertion(+) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 8583e9bf3..4820adec2 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -1139,6 +1139,7 @@ def run_all_rules(self): self.statsd.gauge('already_seen.hits', self.num_dupes,tags={"rule_name": rule['name']}) self.statsd.gauge('query.matches', num_matches, tags={"rule_name": rule['name']}) self.statsd.gauge('query.alerts_sent', self.alerts_sent, tags={"test":"shir", "rule_name": rule['name']}) + self.statsd.gauge('querytest', self.alerts_sent, tags={"test":"shir"}) self.alerts_sent = 0 From 42de14b3b4475d01500d5afc586bcdfe5b0715e9 Mon Sep 17 00:00:00 2001 
From: shir menaya Date: Mon, 6 Aug 2018 20:04:44 +0300 Subject: [PATCH 26/31] adding rule duration --- elastalert/elastalert.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 4820adec2..824f1a195 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -1134,12 +1134,13 @@ def run_all_rules(self): elastalert_logger.info("Ran %s from %s to %s: %s query hits (%s already seen), %s matches," " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) + rule_duration = endtime - rule.get('original_starttime') + elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) self.statsd.gauge('query.hits', total_hits, tags={"rule_name": rule['name']}) self.statsd.gauge('already_seen.hits', self.num_dupes,tags={"rule_name": rule['name']}) self.statsd.gauge('query.matches', num_matches, tags={"rule_name": rule['name']}) - self.statsd.gauge('query.alerts_sent', self.alerts_sent, tags={"test":"shir", "rule_name": rule['name']}) - self.statsd.gauge('querytest', self.alerts_sent, tags={"test":"shir"}) + self.statsd.gauge('query.alerts_sent', self.alerts_sent, tags={"rule_name": rule['name']}) self.alerts_sent = 0 From 18952fd268f0ed5a251ca10c5a0dfc2a19a33c52 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 20:43:35 +0300 Subject: [PATCH 27/31] statsd prefix from conf file --- config.yaml.example | 3 +++ docs/source/ruletypes.rst | 7 +++++++ docs/source/running_elastalert.rst | 2 ++ elastalert/config.py | 3 ++- elastalert/elastalert.py | 3 ++- 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/config.yaml.example b/config.yaml.example index beec38030..b86babb2f 100644 --- a/config.yaml.example +++ b/config.yaml.example 
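Review bot: `rule_duration = endtime - rule.get('original_starttime')` is only written to an INFO log line (`"%s range %s"`) and never reaches statsd, so the "adding rule duration" commit adds no metric, and the name is misleading: `endtime - original_starttime` is the time window the query covered, not how long the rule took to run. If the window is the intended metric, emit it alongside the other gauges, e.g. `self.statsd.gauge('query.range_seconds', (endtime - rule['original_starttime']).total_seconds(), tags={"rule_name": rule['name']})`, and use `rule['original_starttime']` rather than `rule.get(...)` so a missing key raises a clear `KeyError` instead of a `TypeError` from subtracting `None`. A per-run INFO line for this is also noise; `elastalert_logger.debug` would be more appropriate. `run_all_rules` continues outside the hunk on both sides.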
@@ -30,6 +30,9 @@ es_port: 9200 # Optional URL prefix for Elasticsearch #es_url_prefix: elasticsearch +# Optional prefix for statsd metrics +#statsd_metrics_prefix: elasticsearch + # Connect with TLS to Elasticsearch #use_ssl: True diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 31a9d39e1..5e05a2b6c 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -40,6 +40,8 @@ Rule Configuration Cheat Sheet +--------------------------------------------------------------+ | | ``es_url_prefix`` (string, no default) | | +--------------------------------------------------------------+ | +| ``statsd_metrics_prefix`` (string, no default) | | ++--------------------------------------------------------------+ | | ``es_send_get_body_as`` (string, default "GET") | | +--------------------------------------------------------------+ | | ``aggregation`` (time, no default) | | @@ -271,6 +273,11 @@ es_url_prefix ``es_url_prefix``: URL prefix for the Elasticsearch endpoint. (Optional, string, no default) +statsd_metrics_prefix +^^^^^^^^^^^^^ + +``statsd_metrics_prefix``: prefix for statsd metrics. (Optional, string, no default) + es_send_get_body_as ^^^^^^^^^^^^^^^^^^^ diff --git a/docs/source/running_elastalert.rst b/docs/source/running_elastalert.rst index 09e307c24..94ae8f290 100644 --- a/docs/source/running_elastalert.rst +++ b/docs/source/running_elastalert.rst @@ -66,6 +66,8 @@ Next, open up config.yaml.example. In it, you will find several configuration op ``es_url_prefix``: Optional; URL prefix for the Elasticsearch endpoint. +``statsd_metrics_prefix``: Optional; prefix for statsd metrics. + ``es_send_get_body_as``: Optional; Method for querying Elasticsearch - ``GET``, ``POST`` or ``source``. The default is ``GET`` ``writeback_index`` is the name of the index in which ElastAlert will store data. We will create this index later. diff --git a/elastalert/config.py b/elastalert/config.py index eea6ecdeb..1fedebb8a 100644 
--- a/elastalert/config.py +++ b/elastalert/config.py @@ -38,7 +38,8 @@ 'ES_USERNAME': 'es_username', 'ES_HOST': 'es_host', 'ES_PORT': 'es_port', - 'ES_URL_PREFIX': 'es_url_prefix'} + 'ES_URL_PREFIX': 'es_url_prefix' + 'STATSD_METRICS_PREFIX': 'statsd_metrics_prefix'} env = Env(ES_USE_SSL=bool) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 824f1a195..5e1fc1ee3 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -153,7 +153,8 @@ def __init__(self, args): self.disabled_rules = [] self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) - self.statsd_prefix = socket.gethostname() + self.statsd_prefix = os.environ.get('es_url_prefix', '') + #self.statsd_prefix = socket.gethostname() self.statsd = statsd.StatsClient(host='statsd_exporter', port=8125, prefix=self.statsd_prefix) From 8fe44f413f690bff0da9f83ee04dd6448b80b4a8 Mon Sep 17 00:00:00 2001 From: shirpx <33197846+shirpx@users.noreply.github.com> Date: Mon, 6 Aug 2018 20:45:47 +0300 Subject: [PATCH 28/31] Update config.yaml.example --- config.yaml.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yaml.example b/config.yaml.example index b86babb2f..ca5267c37 100644 --- a/config.yaml.example +++ b/config.yaml.example @@ -31,7 +31,7 @@ es_port: 9200 #es_url_prefix: elasticsearch # Optional prefix for statsd metrics -#statsd_metrics_prefix: elasticsearch +#statsd_metrics_prefix: cops # Connect with TLS to Elasticsearch #use_ssl: True From fde3c389bffa6dbfe718b0791458b4ea8bf87aa7 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 20:46:57 +0300 Subject: [PATCH 29/31] statsd_metrics_prefix --- elastalert/elastalert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 5e1fc1ee3..00891c88e 100755 --- a/elastalert/elastalert.py 
+++ b/elastalert/elastalert.py @@ -153,7 +153,7 @@ def __init__(self, args): self.disabled_rules = [] self.replace_dots_in_field_names = self.conf.get('replace_dots_in_field_names', False) self.string_multi_field_name = self.conf.get('string_multi_field_name', False) - self.statsd_prefix = os.environ.get('es_url_prefix', '') + self.statsd_prefix = os.environ.get('statsd_metrics_prefix', '') #self.statsd_prefix = socket.gethostname() self.statsd = statsd.StatsClient(host='statsd_exporter', port=8125, From 28e9fbfb262817957ad4269d2abe75e2621d9668 Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 20:49:56 +0300 Subject: [PATCH 30/31] seconds() on range --- elastalert/elastalert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 00891c88e..0e92ad060 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -1135,7 +1135,7 @@ def run_all_rules(self): elastalert_logger.info("Ran %s from %s to %s: %s query hits (%s already seen), %s matches," " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), total_hits, self.num_dupes, num_matches, self.alerts_sent)) - rule_duration = endtime - rule.get('original_starttime') + rule_duration = seconds(endtime - rule.get('original_starttime')) elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) self.statsd.gauge('query.hits', total_hits, tags={"rule_name": rule['name']}) From 2a4df8848ffb8b602ea35b1bd493402ff9660cae Mon Sep 17 00:00:00 2001 From: shir menaya Date: Mon, 6 Aug 2018 22:22:33 +0300 Subject: [PATCH 31/31] forgot , --- elastalert/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastalert/config.py b/elastalert/config.py index 1fedebb8a..e9ca8d63f 100644 --- a/elastalert/config.py +++ b/elastalert/config.py 
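Review bot: `self.statsd_prefix = os.environ.get('statsd_metrics_prefix', '')` reads a lowercase environment variable that nothing in this series sets: the `config.py` mapping added two commits earlier turns `STATSD_METRICS_PREFIX` into the `statsd_metrics_prefix` key of the loaded config, and `config.yaml.example` documents it as a config-file option, so the documented setting has no effect and the prefix is always `''` (which also silently drops the previous hostname default). Read it from the loaded config instead, `self.statsd_prefix = self.conf.get('statsd_metrics_prefix', socket.gethostname())`, and delete the commented-out `#self.statsd_prefix = socket.gethostname()` line rather than keeping dead code. `docs/source/ruletypes.rst` also lists the option in the per-rule cheat sheet, but it is read once here from the global config, so that entry looks misplaced. The enclosing `__init__` continues outside the hunk.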
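Review bot: Wrapping the window in `seconds(...)` still leaves `rule_duration` as a log-only value — none of the `gauge()` calls that follow it in `run_all_rules` use it, so the rule-duration feature in this series never produces a metric. Assuming `seconds` is the `elastalert.util` helper already imported here, the stdlib equivalent `(endtime - rule['original_starttime']).total_seconds()` needs no helper at all; either way, feed the result to `self.statsd.gauge('query.range_seconds', rule_duration, tags={"rule_name": rule['name']})` and drop or demote the extra INFO line. `run_all_rules` continues outside the hunk on both sides.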
@@ -38,7 +38,7 @@ 'ES_USERNAME': 'es_username', 'ES_HOST': 'es_host', 'ES_PORT': 'es_port', - 'ES_URL_PREFIX': 'es_url_prefix' + 'ES_URL_PREFIX': 'es_url_prefix', 'STATSD_METRICS_PREFIX': 'statsd_metrics_prefix'} env = Env(ES_USE_SSL=bool)