在 Elastisearch 中实施电子邮件警报的最佳方法是什么? [英] What is the best way to implement Email Alerts in Elastisearch?

问题描述

我们将构建一个在 AWS 中运行的新职位板类型网站，并且我们将 Elastisearch 用于所有职位和候选人搜索功能.

We will be building a new job board type site that runs in AWS and we are using Elastisearch for all the job and candidate search functionality.

该站点将有电子邮件警报.1) 候选人可以设置提醒，以便将发布的与特定关键字匹配且位于特定邮政编码 X 英里范围内的新职位通过电子邮件发送给他们.2) 招聘人员将能够设置提醒，以便将在某个邮政编码 X 英里范围内包含某些关键字的简历通过电子邮件发送给他们

The site will have email alerts. 1) Candidates can set an alert so that a new job that is posted that matches certain keywords and is within X miles of a certain zipcode will be emailed to them. 2) Recruiters will be able to set alerts so that a resume with certain keywords within X miles of a certain zipcode will be emailed to them

是否有让我们入门的开源代码?

Is there opensource code that will get us started?

我已经阅读了 Elastic.co 关于 Watcher 的一些内容，但我们正在引导并试图找到一种低成本的解决方案.我将 ping Elastic 以了解他们的前期成本...

I have read a bit on Watcher by Elastic.co but we are bootstrapping and trying to find a low cost solution. I will ping Elastic to get a feel for their up front costs...

是否有人使用 Watcher 或其他警报工具构建了一个可扩展的 Web 应用程序，该应用程序每天可以处理数以千计的警报?

Has anyone built a scalable web application that can handle 10's of thousands of alerts per day using Watcher or some other Alerting Tool?

谢谢，

布伦特拜尔斯

推荐答案

如果您(还)不想使用 Watcher，下一个可用选项是深入研究 percolate API (+ 有关该主题的较旧博客文章 和 最近的一个) 以实现观察"部分并在您自己的代码中处理警报"部分.

If you don't want to use Watcher (yet), the next available option is to dig into the percolate API (+ older blog post on the subject and a more recent one) in order to implement the "watch" part and handle the "alert" part in your own code.

人们在做什么的一些例子:

Some examples of what people out there are doing:

1. 您可能想查看由 Yelp 创建的 ElastAlert，这可能会让您有所收获.

1. You might want to check ElastAlert created by Yelp and which should probably get you going.

Toplog 使用 percolate API以便在特定日志模式被索引时获得警报.他们还按顺序创建了 percolator Logstash output在文档被编入索引后对其进行渗透，并将匹配的渗透查询存储到 redis(或您拥有的)中.一些 Logstash 人有相同的想法，并且可能正在考虑将该插件作为可行的选择.

Toplog uses the percolate API in order to get alerts when specific log patterns are being index. They've also created the percolator Logstash output in order to percolate a document just after it's been indexed and store the matching percolated queries into redis (or what have you). Some Logstash folks have had the same idea and might be considreing that plugin as a viable option.

还有 另一个例子 每当新产品被索引与给定查询匹配时，就会发送电子邮件.

There's another example where an email is sent whenever a new product is being indexed which matches a given query.

如果你多挖掘一点，你肯定会发现更多的例子.但总体思路始终如一:

If you dig a little more, you'll certainly find plenty more examples. But the overall idea is always the same:

1. 使用 percolate API 存储作业/候选人查询
2. 渗透新工作/候选人文件
3. 如果在第 2 步中找到匹配的查询，请发送警报.

最后，Kibana 有一个未解决的问题，用于集成警报系统可能还想看.

Finally, there's an open issue in Kibana for integrating an alerting system that you might also want to watch.

更新 (2016/05/04)

我决定创建一个支持 ES Percolate API 的 Logstash 过滤器.它和 Toplog 的人所做的类似，但它作为过滤器运行以丰富事件，而不是作为 Redis 的输出运行.

I've decided to create a Logstash filter that supports the ES Percolate API. It is similar to what the Toplog guys do, but it runs as a filter to enrich the event instead of running as an output to redis.

您可以在以下位置找到更多信息:https://github.com/弹性/logstash/issues/2187#issuecomment-216760668

You can find more info at: https://github.com/elastic/logstash/issues/2187#issuecomment-216760668

这篇关于在 Elastisearch 中实施电子邮件警报的最佳方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！