Alerts for ElasticSearch monitoring
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
application
client
core
docker-dev-env
docs
elasticsearch-input
gradle/wrapper
integration-tests
rest
rules
.gitignore
.travis.yml
LICENSE
README.md
UI.png
build.gradle
gradle.properties
gradlew
gradlew.bat
lert.png
lert2.png
settings.gradle

README.md

Build Status

l3rt

L3rt

Simple alerting application. It was inspired by elastalert and Jenkins pipelines. The goal is to provide users with more sophisticated rule system.

Why l3rt?

  • Zero-dependency. No additional database required.
  • Infrastructure-as-code friendly. Manage your rules as regular files
  • Infinite flexibility in rule configuration
  • Built-in web UI playground

Request a feature

Feature Requests

Currently, l3rt supports the following sources as an input:

Supported outputs:

Supported rules:

  • ElasticSearch: queryString rule - returns messages matched by a query string
  • ElasticSearch: query rule - free-form rule that is fully managed by ElasticSearch's search query
  • ElasticSearch: count rule - returns number of events occurred for the given period of time (or multiple periods)
  • Missing yours? Add a feature request or submit a pull request

UI

You can use a web UI to create and debug your rules. Just start L3rt and go to http://localhost:8080/

ui

How to use

Create a config file where you need to specify common configuration for all your rules:

{
  "sources": [
    {"url": "elasticSearch:http://localhost:9200"}
  ],
  "targetSettings": {
    "mailServer": {
      "host": "smtp.gmail.com",
      "port": "465",
      "auth":  true,
      "username": "myemail@test.com",
      "password": "password"
    }
  }
}

You can find more info about config here.

Create your rule. All rules are groovy based DSLs, so you can use all power of groovy in your rules.

/opt/l3rt/rules/exampleRule.groovy

rule {
    ruleName = "myTestRule"
    params = [
            index: "logstash-*",
            queryString: "message:Error"
    ]

    reaction { messages ->
        messages.each {
            if (it.data.message.contains("Critical")) {
                email("manager@mycompany.com", "Error", it.data.message.toString())
                hipchat("Room with logs", it.data.message.toString(), "RED", true)
            } else {
                hipchat("Room with logs", it.data.message.toString(), "YELLOW", true)
            }
        }
    }
}

Build & Launch

Development mode

You need:

  • Java >=8
  • Node ~v8.*.*
  • Npm
  1. Launch lert.Application as a plain java application with optional parameters:
  • -Dlogback.configurationFile=logback-dev.xml - dev logger config
  • -Dconfig.file=~/l3rt/conf.json - specifies the config location
  • -Drules=~/l3rt/rules/ - specifies a folder with rules if this parameter hasn't been defined in the config
  1. Launch client side

Manually

  1. Build ./gradlew application:jar

  2. Run java -Dconfig.file=/l3rt/config/config.json -Drules=/l3rt/rules/ -jar ./application/build/libs/l3rt-1.6.0.jar

NOTE: l3rt requires >= Java 8 and Docker

Via Docker

Create your config file ~/conf.json on your local machine. Then start it as follows:

docker run -it -v ~/conf.json:/l3rt/config/config.json -p 8080:8080 dimafeng/l3rt:1.6.0

Optionally you can specify location of your rules -v ~/rules:/l3rt/rules.

Go to http://localhost:8080 and play with L3rt!

Versions

Contributions

This project is in heavy development stage so all contributions are appreciated.

Special thanks