Overview
Abstract
The punch integrates Elastalert, an alerting component that lets you define powerful alerts using a simple yaml format.
Elastalert is made available as a shiva application. You deploy it as part of a (standard) channel. The following example illustrates how you define a channel with (only) elastalert:
{
  "version": "6.0",
  "start_by_tenant": false,
  "stop_by_tenant": true,
  "applications": [
    {
      "name": "mychannel",
      "runtime": "shiva",
      "command": "elastalert",
      "args": [
        "--config", "config.yaml", "--verbose"
      ],
      "cluster": "local",
      "shiva_runner_tags": [
        "local"
      ],
      "apply_resolver_on": [
        "config.yaml"
      ]
    }
  ]
}
Because ElastAlert is run and monitored by the shiva scheduler, it is highly available: should a server crash, ElastAlert is restarted on a secondary server.
In addition, the punch provides ready-to-use ElastAlert Punch Modules. In particular, they let you load the ElastAlert rules from an Elasticsearch store, which is particularly convenient in a distributed and highly available setup.
Custom Modules
You can also ship your own ElastAlert alerter or loader modules. All you have to do is deliver them as pex Python executable files.
Here is an example configuration:
{
  "version": "6.0",
  "start_by_tenant": false,
  "stop_by_tenant": true,
  "applications": [
    {
      "name": "mychannel",
      "runtime": "shiva",
      "command": "elastalert",
      "args": [
        "--config", "config.yaml",
        "--verbose",
        "--additional-pex",
        "mycustomrule.pex,mycustomalert.pex"
      ],
      "cluster": "local",
      "shiva_runner_tags": [
        "local"
      ]
    }
  ]
}
Custom ElastAlert modules must be stored under the $PUNCHPLATFORM_INSTALL_DIR/extlib/elastalert/ folder.
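Before deploying a channel like the one above, it is worth checking that every module named in "--additional-pex" is actually present under $PUNCHPLATFORM_INSTALL_DIR/extlib/elastalert/. The following preflight check is an added example, not part of the punch tooling: the channel dictionary and the two .pex names are constructed, and treating a config file that is absent from "apply_resolver_on" as a finding is an assumption (the first example on this page lists it, the second does not).

```python
import os
from pathlib import Path

# Constructed channel modelled on the "--additional-pex" example above (hypothetical .pex names).
CHANNEL = {
    "version": "6.0",
    "applications": [{
        "name": "mychannel", "runtime": "shiva", "command": "elastalert",
        "args": ["--config", "config.yaml", "--verbose",
                 "--additional-pex", "mycustomrule.pex,mycustomalert.pex"],
    }],
}

def parse_args(args):
    """Extract (config file, [pex names]) from an elastalert args list."""
    config, pex = None, []
    for i, arg in enumerate(args[:-1]):
        if arg == "--config":
            config = args[i + 1]
        elif arg == "--additional-pex":
            pex = [p.strip() for p in args[i + 1].split(",") if p.strip()]
    return config, pex

def check_channel(channel, present_pex):
    """Findings for each shiva/elastalert application; present_pex is the
    set of file names found under extlib/elastalert/."""
    findings = []
    for app in channel.get("applications", []):
        if app.get("runtime") != "shiva" or app.get("command") != "elastalert":
            continue
        name = app.get("name", "?")
        config, pex = parse_args(app.get("args", []))
        if config is None:
            findings.append(f"{name}: no --config argument")
        # Assumption: the config file should be resolved, as in the first example.
        elif config not in app.get("apply_resolver_on", []):
            findings.append(f"{name}: {config} is not listed in apply_resolver_on")
        for p in pex:
            if p not in present_pex:
                findings.append(f"{name}: {p} not found under extlib/elastalert/")
    return findings

def installed_pex():
    """Names of .pex files under $PUNCHPLATFORM_INSTALL_DIR/extlib/elastalert/."""
    root = os.environ.get("PUNCHPLATFORM_INSTALL_DIR", ".")
    folder = Path(root) / "extlib" / "elastalert"
    return {p.name for p in folder.glob("*.pex")} if folder.is_dir() else set()
```

On a deployed platform, `check_channel(CHANNEL, installed_pex())` returns one line per missing module or unresolved config file; an empty list means the channel is ready to start.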
Version and Dependency Management
The punch ElastAlert service depends on ElastAlert v0.2.4 and kafka-python v2.0.2.
Starter
Refer to our starters and look into the elastalert folder.