Alerter is a tool to manage Splunk alerts, searches and other operations.
Edit the config to set APP, SPLUNK_USERNAME, SPLUNK_PASSWORD and SERVER. FILTER sets the default filter used to show alerts. JIRA_USERNAME and JIRA_PASSWORD are used for the JIRA integration.
Example:
APP="app"
FILTER="Sev"
./alerter -s ap-api.serversc.com.com -m "[email protected],[email protected]" -q "index=index-prod-* source=apigateway.* 'Connection refused'" -c 'Sev3: Dev/Stage API connection refused'
./alerter -s us-api.serversc.com.com -m "[email protected],stage-splunk-based-index-stage-alert.myadwrbo@cloud.pagerduty.com" -q "index=index-dev-* OR index=index-stage-* source=service* m=bstr_internal_health lvl=error l=103" -e "*" -b "5" -x "50" -c 'Sev3: Dev/Stage Proactive Service Monitoring'
sancheza-macOS:alerter sancheza$ ./alerter -s ap-api.serversc.com.com -a
Sev3: Dev/Stage API blockembargoips.conf not found
Sev2: Prod API connection refused
Sev2: Prod API blockembargoips.conf not found
Sev1: Prod Flight is Leaderless
Sev3: Dev/Stage API connection refused
Sev3: Dev API Service Upstream Server
Sev3: Dev/Stage API no memory in vhost_traffic_status_zone
Sev3: Dev/Stage API LUA worker error
Sev2: Prod API no memory in vhost_traffic_status_zone
Sev2: Prod API Service Upstream Server
./alerter -s ap-api.serversc.com.com -f 'search=search index=index-dev-* source=apigateway.* "Connection refused"'
./alerter -s ap-api.serversc.com.com -m "[email protected]" -q "index=index-prod-* source=service* m=bstr_internal_health lvl=error l=103" -e "*/15" -b "5" -x "30" -w 'http://www.google.es' -c 'Sev2: Prod Proactive Service Monitoring Example'
./alerter -s ap-api.serversc.com.com -d 'Sev2: Prod Proactive Service Monitoring Example'
./alerter -j
Alejandro Sanchez Acosta [email protected]