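I. Installation and deployment
System: CentOS 7
Graylog version: Graylog 5.0
Components and versions required by Graylog 5.0:
- OpenJDK 17 (embedded in the 5.0 installation file): bundled with Graylog, so it does not need to be installed separately
- Elasticsearch 7.10.2 OR OpenSearch 2.x (selected Elasticsearch for our logserver)
- MongoDB 6.0
MongoDB
Step 1: add the yum repository. I am adding 6.0 here (the repository definition shown below is the 5.0 one); this repository may stop working in the future, in which case look under https://repo.mongodb.org/yum for the one you need. The repository file is /etc/yum.repos.d/mongo-org-5.0.repo. You can also download the rpm packages and install them yourself.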
[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc
Step 2: install, start, and enable at boot
sudo yum install -y mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
Elasticsearch
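Step 1: import the signing key of the yum repository
# import the key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Step 2: add the yum repository and install, or download from https://www.elastic.co/cn/downloads/past-releases/enterprise-search-7-10-2 and install the rpm
echo "[elasticsearch-7.10.2]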
name=Elasticsearch repository for 7.10.2 packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" > /etc/yum.repos.d/elasticsearch.repo
# install
sudo yum install elasticsearch-oss
Step 3: edit the configuration file
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
Step 4: enable at boot and check
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch
Graylog
Step 1: install
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.rpm
sudo yum install graylog-server
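Step 2: configuration file: edit it with sudo vim /etc/graylog/server/server.conf
Note: the password for the web login is set here, so remember this secret
# Generate a SHA hash of the password and put it after password_secret and root_password_sha2
# Password hash generation; this is the password used to log in to Graylog
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
# Address to bind: our server's address is 192.168.166.202; if a proxy server is installed, 127.0.0.1 also works
http_bind_address = 192.168.166.202
# Also pay attention to the time zone
root_timezone = Asia/Shanghai
Step 3: enable at boot and start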
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active| grep graylog
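An added example (not from the original post and not Graylog's own code): a Python check of the two secret settings from step 2, including the case where the hash was taken with a trailing newline, which is what the `tr -d '\n'` in the command above prevents. The function names, the 64-character minimum, the randomly generated password_secret and the sample values are assumptions of this example.

```python
import hashlib
import re
import secrets

MIN_SECRET_LEN = 64  # assumption of this example, not a value from the post


def root_password_sha2(password: str) -> str:
    """Hex SHA-256 of the password with no trailing newline."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def new_password_secret(nbytes: int = 48) -> str:
    """Random value for password_secret (96 hex characters by default)."""
    return secrets.token_hex(nbytes)


def parse_conf(text: str) -> dict:
    """Parse 'key = value' lines, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def check_conf(text: str, login_password: str) -> list:
    """Return the problems found in the two secret settings."""
    conf = parse_conf(text)
    secret = conf.get("password_secret", "")
    digest = conf.get("root_password_sha2", "")
    problems = []
    if len(secret) < MIN_SECRET_LEN:
        problems.append("password_secret is missing or too short")
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        problems.append("root_password_sha2 is not a SHA-256 hex digest")
    elif digest == root_password_sha2(login_password + "\n"):
        problems.append("root_password_sha2 includes a trailing newline")
    elif digest != root_password_sha2(login_password):
        problems.append("root_password_sha2 does not match the password")
    return problems


# Constructed sample configuration and password, for illustration only.
SAMPLE_PASSWORD = "example-only-password"
SAMPLE_CONF = f"""
password_secret = {new_password_secret()}
root_password_sha2 = {root_password_sha2(SAMPLE_PASSWORD)}
root_timezone = Asia/Shanghai
"""

if __name__ == "__main__":
    print(check_conf(SAMPLE_CONF, SAMPLE_PASSWORD) or "no problems found")
```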
Nginx
Step 1: install; we install nginx-1.16.
sudo rpm -ivh http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.16.1-1.el7.ngx.x86_64.rpm
Step 2: configuration file: vim /etc/nginx/conf.d/log.zafu.edu.cn.conf
server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name log.zafu.edu.cn;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        proxy_pass http://127.0.0.1:9000; # just keep this the same as Graylog's http_bind_address
    }
}
Step 3: start the service
systemctl start nginx
systemctl enable nginx
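II. Graylog configuration
Step 1: preparation
Get the nginx content pack in advance: https://github.com/paulbarfuss/graylog3-content-pack-nginx-json/blob/master/content-pack-nginx-graylog3.json
Copy the code into a local text file; you can name it content-pack-nginx-graylog3.json. I put this code in Appendix 1 at the end. Also, many tutorials online only fit Graylog 2 and earlier and do not fit the current version.
Step 2: log in to the web interface and configure
Log in to the web page: the user name is admin and the password is "the password you set yourself in Graylog step 2". Upload the JSON template.
Select the template -> upload
After the import a new template appears; click install
Check whether the streams were created automatically
Step 3: Nginx client configuration: define the JSON log format
Define the format on the client nginx
Write the following code into /etc/nginx/nginx.conf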
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"remote_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"response_status": $status, '
'"request": "$request", '
'"request_method": "$request_method", '
'"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }';
Write the following into the configuration file of the specific site, for example /home/wwwroot/vhost/xbc.zafu.edu.cn.conf
access_log syslog:server=graylog.server.org:12304 graylog2_json;
error_log syslog:server=graylog.server.org:12305;
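An added example (not from the original post or from the content pack's authors): a simplified Python model of how the Appendix 1 content pack treats an access-log line in this format, showing why `escape=json` in the log_format matters for the status-based streams. The sample syslog line, the function names and the approximation of nginx's escaping are constructed for this example.

```python
import json
import re

# Regex of the "Get JSON from syslog message" extractor in the content pack.
JSON_FROM_SYSLOG = re.compile(r"nginx:\s+(.*)")

# Status-based stream rules of the content pack, as predicates.
STATUS_STREAMS = {
    "nginx HTTP 4XXs": lambda s: 399 < s < 500,
    "nginx HTTP 404s": lambda s: s == 404,
    "nginx HTTP 5XXs": lambda s: 499 < s < 600,
}


def nginx_escape(value: str, mode: str) -> str:
    """Approximate nginx log escaping of quotes and backslashes."""
    if mode == "json":  # log_format ... escape=json
        return value.replace("\\", "\\\\").replace('"', '\\"')
    return value.replace("\\", "\\x5C").replace('"', "\\x22")  # default


def render_line(status: int, user_agent: str, mode: str = "json") -> str:
    """Constructed syslog payload shaped like the graylog2_json format."""
    agent = nginx_escape(user_agent, mode)
    return (
        '<190>Jan  1 00:00:00 web1 nginx: { "timestamp": "2023-01-01T00:00:00+08:00", '
        f'"response_status": {status}, "request": "GET /missing HTTP/1.1", '
        f'"http_user_agent": "{agent}" }}'
    )


def extract_fields(message: str):
    """Apply the regex, then parse the JSON; None when either step fails."""
    match = JSON_FROM_SYSLOG.search(message)
    if not match:
        return None
    try:
        fields = json.loads(match.group(1))
    except json.JSONDecodeError:
        return None
    return fields if isinstance(fields, dict) else None


def route(message: str) -> list:
    """Streams a message reaches in this simplified model of the pack."""
    # The input's static fields from_nginx / nginx_access always match.
    streams = ["nginx", "nginx requests"]
    fields = extract_fields(message) or {}
    status = fields.get("response_status")
    if isinstance(status, int):
        streams += [name for name, rule in STATUS_STREAMS.items() if rule(status)]
    return streams
```

With `escape=json` a quote inside a client-supplied header stays valid JSON; with the default escaping it becomes `\x22`, the JSON extractor yields no fields, and the 4XX/404/5XX streams never see the request.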
Result
After completing the steps above you can view the logs:
Appendix 1:
Thanks to the author mortenn for providing the template
{
"v": "1",
"id": "d7dc82ff-529b-488a-b1de-b12b32e756bb",
"rev": 3,
"name": "nginx_json_graylog3",
"summary": "Graylog 3.0+ compatible version of nginx_json content pack",
"description": "",
"vendor": "Originally created by petestorey26 and updated by paulbarfuss for graylog3.0+",
"url": "https://github.com/paulbarfuss/graylog3-content-pack-nginx-json",
"parameters": [],
"entities": [
{
"v": "1",
"type": {
"name": "dashboard",
"version": "1"
},
"id": "b7c3a54b-3ed4-4b73-9452-2731a18846c8",
"data": {
"title": {
"@type": "string",
"@value": "NGINX Overview"
},
"description": {
"@type": "string",
"@value": "Overview of requests handled by NGINX"
},
"widgets": [
{
"id": {
"@type": "string",
"@value": "ab3138d7-9790-4c71-a804-f59ff5692e0f"
},
"description": {
"@type": "string",
"@value": "Requests last 24h"
},
"type": {
"@type": "string",
"@value": "STREAM_SEARCH_RESULT_COUNT"
},
"cache_time": {
"@type": "integer",
"@value": 10
},
"time_range": {
"type": {
"@type": "string",
"@value": "relative"
},
"range": {
"@type": "integer",
"@value": 300
}
},
"configuration": {
"timerange": {
"type": {
"@type": "string",
"@value": "relative"
},
"range": {
"@type": "integer",
"@value": 300
}
},
"lower_is_better": {
"@type": "boolean",
"@value": false
},
"stream_id": {
"@type": "string",
"@value": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407"
},
"trend": {
"@type": "boolean",
"@value": false
},
"query": {
"@type": "string",
"@value": "*"
}
},
"position": null
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "input",
"version": "1"
},
"id": "fa2ca431-c30d-455d-98b0-9ee703760760",
"data": {
"title": {
"@type": "string",
"@value": "nginx access log"
},
"configuration": {
"expand_structured_data": {
"@type": "boolean",
"@value": false
},
"recv_buffer_size": {
"@type": "integer",
"@value": 1048576
},
"port": {
"@type": "integer",
"@value": 12304
},
"number_worker_threads": {
"@type": "integer",
"@value": 4
},
"force_rdns": {
"@type": "boolean",
"@value": false
},
"allow_override_date": {
"@type": "boolean",
"@value": true
},
"bind_address": {
"@type": "string",
"@value": "0.0.0.0"
},
"store_full_message": {
"@type": "boolean",
"@value": false
}
},
"static_fields": {
"from_nginx": {
"@type": "string",
"@value": "true"
},
"nginx_access": {
"@type": "string",
"@value": "true"
}
},
"type": {
"@type": "string",
"@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
},
"global": {
"@type": "boolean",
"@value": true
},
"extractors": [
{
"target_field": {
"@type": "string",
"@value": "json"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 2
},
"converters": [],
"configuration": {
"replacement": {
"@type": "string",
"@value": "-"
},
"regex": {
"@type": "string",
"@value": ".*"
}
},
"source_field": {
"@type": "string",
"@value": "json"
},
"title": {
"@type": "string",
"@value": "Empty JSON field"
},
"type": {
"@type": "string",
"@value": "REGEX_REPLACE"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": ""
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 1
},
"converters": [],
"configuration": {
"flatten": {
"@type": "boolean",
"@value": true
},
"list_separator": {
"@type": "string",
"@value": ", "
},
"kv_separator": {
"@type": "string",
"@value": "="
},
"key_prefix": {
"@type": "string",
"@value": ""
},
"key_separator": {
"@type": "string",
"@value": "_"
},
"replace_key_whitespace": {
"@type": "boolean",
"@value": false
},
"key_whitespace_replacement": {
"@type": "string",
"@value": "_"
}
},
"source_field": {
"@type": "string",
"@value": "json"
},
"title": {
"@type": "string",
"@value": "Extract JSON fields"
},
"type": {
"@type": "string",
"@value": "JSON"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": "json"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 0
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "nginx:\\s+(.*)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "Get JSON from syslog message"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": "message"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 3
},
"converters": [],
"configuration": {
"replacement": {
"@type": "string",
"@value": "$1"
},
"regex": {
"@type": "string",
"@value": ".*request\": \"(.*?)\".*"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "Reduced message to path"
},
"type": {
"@type": "string",
"@value": "REGEX_REPLACE"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "input",
"version": "1"
},
"id": "540d1628-ceed-49d4-8960-068c5afaa993",
"data": {
"title": {
"@type": "string",
"@value": "nginx error log"
},
"configuration": {
"expand_structured_data": {
"@type": "boolean",
"@value": false
},
"recv_buffer_size": {
"@type": "integer",
"@value": 1048576
},
"port": {
"@type": "integer",
"@value": 12305
},
"number_worker_threads": {
"@type": "integer",
"@value": 4
},
"force_rdns": {
"@type": "boolean",
"@value": false
},
"allow_override_date": {
"@type": "boolean",
"@value": true
},
"bind_address": {
"@type": "string",
"@value": "0.0.0.0"
},
"store_full_message": {
"@type": "boolean",
"@value": false
}
},
"static_fields": {
"nginx_error": {
"@type": "string",
"@value": "true"
},
"from_nginx": {
"@type": "string",
"@value": "true"
}
},
"type": {
"@type": "string",
"@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
},
"global": {
"@type": "boolean",
"@value": true
},
"extractors": [
{
"target_field": {
"@type": "string",
"@value": "server"
},
"condition_value": {
"@type": "string",
"@value": "server"
},
"order": {
"@type": "integer",
"@value": 1
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "server:\\s(.+?)(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "server"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "timestamp"
},
"condition_value": {
"@type": "string",
"@value": ""
},
"order": {
"@type": "integer",
"@value": 0
},
"converters": [
{
"type": {
"@type": "string",
"@value": "DATE"
},
"configuration": {
"date_format": {
"@type": "string",
"@value": "yyyy/MM/dd HH:mm:ss "
}
}
}
],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "^.*:\\s(\\d\\d\\d\\d/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d)\\s.*$"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "Timestamp"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "NONE"
}
},
{
"target_field": {
"@type": "string",
"@value": "remote_addr"
},
"condition_value": {
"@type": "string",
"@value": "client"
},
"order": {
"@type": "integer",
"@value": 2
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "client:\\s(.+?)(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "remote_addr/client"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "host"
},
"condition_value": {
"@type": "string",
"@value": "host"
},
"order": {
"@type": "integer",
"@value": 3
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "host:\\s\"(.+?)\"(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "host"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "request_verb"
},
"condition_value": {
"@type": "string",
"@value": "request"
},
"order": {
"@type": "integer",
"@value": 5
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "request:\\s\"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH).+\"(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "request_verb"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
},
{
"target_field": {
"@type": "string",
"@value": "request_path"
},
"condition_value": {
"@type": "string",
"@value": "request"
},
"order": {
"@type": "integer",
"@value": 4
},
"converters": [],
"configuration": {
"regex_value": {
"@type": "string",
"@value": "request:\\s\"(.+?)\"(,|$)"
}
},
"source_field": {
"@type": "string",
"@value": "message"
},
"title": {
"@type": "string",
"@value": "request_path/request"
},
"type": {
"@type": "string",
"@value": "REGEX"
},
"cursor_strategy": {
"@type": "string",
"@value": "COPY"
},
"condition_type": {
"@type": "string",
"@value": "STRING"
}
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "40645de4-746e-4ec0-86ec-47d893ded9b6",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx HTTP 4XXs"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "GREATER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "399"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "SMALLER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "500"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were answered with a HTTP code in the 400 range by nginx"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "5a0abcb1-b5af-4239-96f6-d8fc786c54be",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx requests"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "nginx_access"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were logged into the nginx access_log"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "3b4da8c0-e9f8-42f9-8f41-9222caa8f407",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "all message to nginx_access and nginx_error"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "6bfbdd7e-638a-4ff5-a3e0-327a21bad701",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx HTTP 404s"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "404"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were answered with a HTTP 404 by nginx"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "be3273d1-ff76-4ab5-8471-f7f2c3a8593e",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx HTTP 5XXs"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "GREATER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "499"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "SMALLER"
},
"field": {
"@type": "string",
"@value": "response_status"
},
"value": {
"@type": "string",
"@value": "600"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
},
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "from_nginx"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were answered with a HTTP code in the 500 range by nginx"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "1a3bec0f-34e6-41dc-9d38-fb0997fef588",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": false
},
"title": {
"@type": "string",
"@value": "nginx errors"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "nginx_error"
},
"value": {
"@type": "string",
"@value": "true"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "AND"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "All requests that were logged into the nginx error_log"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=3.0.0+db6cf59"
}
]
}
]
}
From: https://www.cnblogs.com/02eva/p/16997561.html