This repository has been archived by the owner on Jun 22, 2020. It is now read-only.

The plugin has no effect when deployed with Docker, and there is no error log. Where can I look to troubleshoot this? #10

Open
weihc02 opened this issue Feb 21, 2019 · 4 comments

Comments

@weihc02

weihc02 commented Feb 21, 2019

No description provided.

@anjia0532
Owner

Paste the normal logs so we can take a look, and paste your configuration file, with the sensitive parameters redacted.

@weihc02
Author

weihc02 commented Feb 21, 2019

No error log is output in Docker. As for the configuration file, I only added the WeChat part.

@weihc02
Author

weihc02 commented Feb 21, 2019

```
bash-4.3# cat config.yaml
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: /opt/elastalert/rules

# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15

# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: 10.27.167.142

# The Elasticsearch port
es_port: 9200

# The AWS region to use. Set this when using AWS-managed elasticsearch
#aws_region: us-east-1

# The AWS profile to use. Use this if you are using an aws-cli profile.
# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
# for details
#profile: test

# Optional URL prefix for Elasticsearch
#es_url_prefix: elasticsearch

# Connect with TLS to Elasticsearch
#use_ssl: True

# Verify TLS certificates
#verify_certs: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Option basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
```

@weihc02
Author

weihc02 commented Feb 21, 2019

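```
bash-4.3# ls
log_error.yaml
bash-4.3# pwd
/opt/elastalert/rules
bash-4.3# cat log_error.yaml
name: log_error
type: frequency
index: kibana_sample_data_*

# link to a kibana dashboard with correct time settings
#use_kibana4_dashboard: "http://localhost:5601/app/kibana#/dashboard/monitoring-dashboard"
num_events: 1
timeframe:
  minutes: 60
filter:
- query:
    query_string:
      query: "Wednesday"

# Only the required fields https://elastalert.readthedocs.io/en/latest/ruletypes.html#include
include: ["products"]

# (Required)
# The alert is use when a match is found
alert:
#- "email"

# Email-related configuration
# (required, email specific)
# a list of email addresses to send alerts to
#email:
# Mailbox that receives the alert emails
#- "[email protected]"
# Mail server configuration for the SMTP protocol
# smtp.163.com is the SMTP server of NetEase 163 Mail
# After logging in to 163 Mail, go to [Settings] > [POP3/SMTP/IMAP] > enable, then set the [client authorization password]
#smtp_host: smtp.163.com
#smtp_port: 25
# User authentication file; it needs the two properties user and password
# Note: replace ${userName} with the actual user name
#smtp_auth_file: /home/sn/elkstack/elastalert/smtp_auth_file.yaml
# Which mailbox replies go to
#email_reply_to: [email protected]
# Which mailbox to send from
#from_addr: [email protected]

# WeChat enterprise account related
# (required, email specific)
# a list of email addresses to send alerts to
# After logging in to the admin console: [Settings] -> [Permission Management] -> [Ordinary Admin Group] -> [Create and set address book and app permissions] -> [CorpID, Secret]
# Set the appid of the WeChat enterprise account
corp_id: wwxxxx
# Set the Secret of the WeChat enterprise account
secret: H7b7NY_xxxx
# After logging in to the admin console: [App Center] -> [Select app] -> [App id]
# Set the app id of the WeChat enterprise account
agent_id: xxx
# Department id
party_id: 2
# User WeChat id
user_id: xxxx

# Tag id; separate multiple ids with |
#tag_id: xx
```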
