Merge branch 'release/20181211-01'
johnsusek committed Dec 11, 2018
2 parents 8e43ad1 + cc9ba3b commit ed48b6e
Showing 18 changed files with 331 additions and 101 deletions.
9 changes: 8 additions & 1 deletion .eslintrc.js
Expand Up @@ -44,7 +44,14 @@ module.exports = {
optionalDependencies: ['test/unit/index.js']
}
],
'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off'
'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off',
'vue/html-closing-bracket-newline': [
'error',
{
singleline: 'never',
multiline: 'never'
}
]
},
parserOptions: {
parser: 'babel-eslint'
4 changes: 3 additions & 1 deletion MAINTENANCE.md
Expand Up @@ -14,7 +14,9 @@ Run `npm update` to install latest versions of packages per package.json.
## Elastalert (if neccessary)

- Stash all changes in elastalert project
- Create docker image + push to servercentral/elastalert
- `make build v=master`
- `docker tag id servercentral/elastalert`
- `docker push servercentral/elastalert`

## Praeco
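
Review bot: In the new `docker tag id servercentral/elastalert` step, `id` is an unexplained placeholder and the target carries no version tag, so each `docker push servercentral/elastalert` overwrites the implicit `latest` and leaves no earlier image to roll back to. Say how the image id is obtained after `make build v=master`, and tag and push a release-specific tag alongside the default one, for example `docker tag <image-id> servercentral/elastalert:<release>`.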

34 changes: 25 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@
Praeco is an alerting tool for elasticsearch – a GUI for [elastalert](https://github.com/yelp/elastalert), using the [elastalert API](https://github.com/bitsensor/elastalert).

- Interactively build alert rules using a query builder
- View a preview of your query and a graph of results over the last 24h
- Supports Any, Blacklist, Whitelist, Change, Frequency, Flatline, Spike and Metric Aggregation elastalert rule types
- View a preview of your query and a graph of results
- Test your alerts against historical data
- See a preview of your alert subject/body as you are editing
- Supports notifications to Slack, Email or HTTP POST
- Supports Any, Blacklist, Whitelist, Change, Frequency, Flatline, Spike and Metric Aggregation elastalert rule types
- View logs of when your alerts are checked and when they fire
- Use templates to pre-fill commonly used rule options

Expand All @@ -24,18 +24,20 @@ export PRAECO_ELASTICSEARCH=<your elasticsearch ip>
docker-compose up
```

ℹ️ Don't use 127.0.0.1 for PRAECO_ELASTICSEARCH. See first item under the Troubleshooting section.

Praeco should now be available on http://127.0.0.1:8080

A [walkthrough article](https://medium.com/@john_8166/praeco-walkthrough-5aada7e078a9) is available to guide you through creating your first template and rule.
A [walkthrough article](https://medium.com/@john_8166/praeco-walkthrough-5aada7e078a9) is available to guide you through creating your first rule.

## Upgrading

```
docker pull servercentral/praeco && docker pull servercentral/elastalert
docker-compose down && docker-compose up
docker pull servercentral/praeco; docker pull servercentral/elastalert
docker-compose up --force-recreate --build; docker image prune -f
```

Please see [UPGRADING.md](https://github.com/ServerCentral/praeco/blob/master/UPGRADING.md) for version-specific instructions.
ℹ️ You may need to update your config files when a new version comes out. Please see [UPGRADING.md](https://github.com/ServerCentral/praeco/blob/master/UPGRADING.md) for version-specific instructions.

## Configuration
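
Review bot: The Upgrading block swaps `&&` for `;`, so `docker-compose up --force-recreate --build` still runs when one of the `docker pull` commands fails, and the stack is then recreated on whatever image was already present with nothing to tell the operator the upgrade did not happen. UPGRADING.md in this same commit keeps `&&` on both lines; use `&&` here as well so the two documents agree and a failed step stops the sequence.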

Expand Down Expand Up @@ -83,21 +85,35 @@ Replace 1.2.3.4 with your Elasticsearch IP.

## Troubleshooting

#### I am using 127.0.0.1 for PRAECO_ELASTICSEARCH and it isn't working

Praeco, running within a docker container, cannot communicate with your ES bound to localhost. You need to change your ES `network.host` setting
to something different. The value of `_site_` is suggested, that will bind to a local network IP on your machine. Then use that
IP address for PRAECO_ELASTICSEARCH. Here's a working example:

```
elasticsearch -E network.host=_site_
export PRAECO_ELASTICSEARCH=192.168.1.145
docker-compose up
```

Replace 192.168.1.145 with the IP address your ES binds to (look for bound_addresses in the elasticsearch launch log).

#### I'm not receiving alerts even though I expect them

First of all, try to test your alert and see if that is returning results.
First of all, try to test your alert with varying time frames and see if that is returning any results.

If the test is returning results, but you are not receiving any alerts, check the error log. There may be a problem with your slack or email settings. Make sure you edited rules/BaseRule.config and have correct values in there.

If the test is not returning results, even though you think it should, try reading the [elastalert docs](https://elastalert.readthedocs.io/en/latest/ruletypes.html#rule-types) for your rule type. Compare the yaml from praeco with the options from the docs to make sure the rule is being created as expected. If praeco is generating the wrong yaml, please file an issue.

#### Failed to establish a new connection: [Errno 111] Connection refused

You will see this error when launching if praeco cannot find elasticsearch at the IP address you specified at $PRAECO_ELASTICSEARCH. Please make sure you can communicate with this IP address by issuing the following command: `curl http://$PRAECO_ELASTICSEARCH:9200`. If the connection is refused, your machine cannot communicate with Elasticsearch, it may be a networking problem.
You will see this error when launching if praeco cannot find elasticsearch at the IP address you specified at \$PRAECO_ELASTICSEARCH. Please make sure you can communicate with this IP address by issuing the following command: `curl http://$PRAECO_ELASTICSEARCH:9200`. If the connection is refused, your machine cannot communicate with Elasticsearch, it may be a networking problem.

#### 404 error in error log for slack webhook

Make sure the channel you are trying to post to exists.
Make sure the channel/username you are trying to post to exists.

## Developing
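
Review bot: The new 127.0.0.1 troubleshooting entry tells the reader to start Elasticsearch with `network.host=_site_` without saying who else can then reach it: the node moves from loopback to an address on the local network, and the `curl http://$PRAECO_ELASTICSEARCH:9200` check in the Connection refused entry shows the API being reached over plain HTTP on that address. Add a sentence telling the reader to restrict access to port 9200 (host firewall or equivalent) to the machine running the praeco containers before switching the bind address.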

2 changes: 1 addition & 1 deletion UPGRADING.md
Expand Up @@ -3,7 +3,7 @@
To upgrade to the newest release of praeco, run the following commands:

- `docker pull servercentral/praeco && docker pull servercentral/elastalert`
- `docker-compose down && docker-compose up`
- `docker-compose up --force-recreate --build && docker image prune -f`

Some version upgrades require further configuration. Version specific upgrade instructions are below.
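
Review bot: `docker image prune -f` on the changed line removes every dangling image on the host, not only the superseded praeco and elastalert ones, and `-f` suppresses the confirmation prompt. State that in the instructions, or drop `-f` so the operator sees what will be deleted. Note also that `docker-compose up` is run without `-d`, so the prune chained after `&&` only executes once `docker-compose up` has returned successfully.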

2 changes: 2 additions & 0 deletions config/elastalert.yaml
Expand Up @@ -47,3 +47,5 @@ writeback_index: praeco_elastalert_status
# sending the alert until this time period has elapsed
alert_time_limit:
days: 2

skip_invalid: True
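
Review bot: `skip_invalid: True` is added without a comment, unlike the `alert_time_limit` setting above it, and it changes failure behaviour: a rule file that does not validate is skipped instead of stopping elastalert, so the alert it defines stops being evaluated while the service keeps running. Add a comment explaining the setting, and make sure skipped rules are reported somewhere an operator will look (the error log the README points to), otherwise a malformed rule becomes a silent monitoring gap.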
17 changes: 2 additions & 15 deletions src/components/DateTime.vue
Expand Up @@ -10,7 +10,7 @@
</template>

<script>
import moment from 'moment-timezone';
import parseDate from '@/lib/parseDate';
export default {
props: {
Expand All @@ -35,21 +35,8 @@ export default {
computed: {
formatted() {
if (!this.date) return;
let momentDate;
if (typeof this.date === 'string') {
momentDate = moment(String(this.date)).tz(this.timeZone);
} else if (this.date.toString().length === 10) {
momentDate = moment.unix(String(this.date)).tz(this.timeZone);
} else {
momentDate = moment(this.date).tz(this.timeZone);
}
let momentDate = parseDate(this.date);
return momentDate.format('M/D/YYYY h:mm:ssa');
},
timeZone() {
return Intl.DateTimeFormat().resolvedOptions().timeZone;
}
},
watch: {
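
Review bot: The removed branches in `formatted()` applied `.tz(this.timeZone)` and handled 10-digit Unix timestamps through `moment.unix`, and the `timeZone` computed property is deleted with them; `parseDate(this.date)` now has to do both, but `@/lib/parseDate` is not shown in this part of the diff. Confirm it still converts to the browser's zone and keeps the seconds-versus-milliseconds check, and cover it with a unit test that passes a string, a 10-digit number and a 13-digit number. `let momentDate` is never reassigned and can be `const`.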
43 changes: 31 additions & 12 deletions src/components/EventTable.vue
@@ -1,6 +1,7 @@
<template>
<div v-show="loadedEvents.length" class="event-table">
<div class="event-table">
<el-table
v-loading="eventsLoading && !loadedEvents.length"
ref="table"
:data="loadedEvents"
:border="true"
Expand Down Expand Up @@ -107,7 +108,9 @@ export default {
visibleColumns() {
if (this.loadedEvents.length) {
return Object.keys(this.loadedEvents[0]).sort().filter(col => !this.hidden.includes(col));
return Object.keys(this.loadedEvents[0])
.sort()
.filter(col => !this.hidden.includes(col));
}
return [];
},
Expand Down Expand Up @@ -171,16 +174,25 @@ export default {
},
saveColumns() {
localStorage.setItem('hiddenEventTableColumns', JSON.stringify(this.hidden));
localStorage.setItem(
'hiddenEventTableColumns',
JSON.stringify(this.hidden)
);
},
saveColumnWidths(newWidth, oldWidth, column) {
this.widths[column.property] = newWidth;
localStorage.setItem('eventTableColumnWidths', JSON.stringify(this.widths));
localStorage.setItem(
'eventTableColumnWidths',
JSON.stringify(this.widths)
);
},
loadMore() {
if (!this.eventsLoading && (this.totalEvents === 0 || this.loadedEvents.length < this.totalEvents)) {
if (
!this.eventsLoading &&
(this.totalEvents === 0 || this.loadedEvents.length < this.totalEvents)
) {
this.fetchEvents();
}
},
Expand All @@ -200,7 +212,9 @@ export default {
must: [
{
query_string: {
query: this.$store.getters['config/query/queryString'] || `${this.timeField}:*`
query:
this.$store.getters['config/query/queryString'] ||
`${this.timeField}:*`
}
}
]
Expand Down Expand Up @@ -251,7 +265,8 @@ export default {
this.source = CancelToken.source();
res = await axios.post(
`/api/search/${this.$store.state.config.settings.index}`,
query, { cancelToken: this.source.token }
query,
{ cancelToken: this.source.token }
);
} catch (error) {
if (!axios.isCancel(error)) {
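
Review bot: The `axios.post` call in this hunk is only re-wrapped, but the URL it builds, `/api/search/${this.$store.state.config.settings.index}`, interpolates the index setting into the path unencoded. A value containing `/`, `?` or `#` would change which endpoint is requested; wrap it in `encodeURIComponent` (or validate the index name where the setting is saved) while this call is being touched.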
Expand All @@ -262,9 +277,11 @@ export default {
}
if (res && res.data && res.data.hits) {
res.data.hits.hits.map(h => h._source).forEach(event => {
this.loadedEvents.push(event);
});
res.data.hits.hits
.map(h => h._source)
.forEach(event => {
this.loadedEvents.push(event);
});
this.totalEvents = res.data.hits.total;
this.offset += 40;
}
Expand All @@ -288,8 +305,10 @@ export default {
.event-table .el-table td {
color: #212121;
font-family: Consolas, 'Andale Mono WT', 'Andale Mono', 'Lucida Console', 'Lucida Sans Typewriter', 'DejaVu Sans Mono',
'Bitstream Vera Sans Mono', 'Liberation Mono', 'Nimbus Mono L', Monaco, 'Courier New', Courier, monospace;
font-family: Consolas, "Andale Mono WT", "Andale Mono", "Lucida Console",
"Lucida Sans Typewriter", "DejaVu Sans Mono", "Bitstream Vera Sans Mono",
"Liberation Mono", "Nimbus Mono L", Monaco, "Courier New", Courier,
monospace;
vertical-align: top;
}