Forward Alerta alerts via Logstash to Elasticsearch for visualisation in Kibana.
Install the following packages:
- Logstash
- Elasticsearch
- Kibana
Install the logstash plug-in which can be found in the contrib repo. Then add it to the list of enabled PLUGINS:
PLUGINS = ['reject','logstash']
LOGSTASH_HOST = 'localhost'
LOGSTASH_PORT = 1514
Configure logstash to parse json-encoded alerts and forward them to elasticsearch:
input {
tcp {
port => 1514
codec => json_lines
}
}
output {
# stdout {}
elasticsearch {
protocol => "http"
host => "localhost"
}
}
Either configure a Kibana dashboard manually or load the example dashboard from this repo.
Menu -> Load -> Advanced -> Choose File -> Dashboard.json
Run logstash in debug mode:
$ stop logstash
$ /opt/logstash/bin/logstash agent -f /etc/logstash/conf.d/alerta.conf -vvv
To view alerts as they would be sent to elasticsearch uncomment the stdout{} line in the logstash.conf file above.
List elasticsearch indices:
http://localhost:9200/_cat/indices?v
Alternatively, make use of the vagrant-try-alerta repo...
$ git clone https://github.com/alerta/vagrant-try-alerta.git
$ cd vagrant-try-alerta
$ vagrant up alerta-kibana
$ vagrant ssh alerta-kibana
Copyright (c) 2014,2016 Nick Satterly. Available under the MIT License.