Installing Elastalert for Elasticsearch on Amazon Linux
Author: Ruan Bekker (@ruanbekker)
Elastalert, a service for Alerting with Elasticsearch:
Setting up Elastalert
We will set up Elastalert for Elasticsearch on Amazon Linux, which is a RHEL-based distribution.
Switch to the root user:
$ sudo su
Install the dependencies as the root user:
yum update -y
yum install git python-devel lib-devel libevent-devel bzip2-devel openssl-devel ncurses-devel zlib zlib-devel xz-devel gcc -y
yum install python-setuptools -y
easy_install pip
Switch back to the normal user:
exit
Then continue to install the pip packages:
pip install virtualenv
virtualenv .venv
source .venv/bin/activate
pip install pip --upgrade
pip install setuptools --upgrade
Clone Elastalert Repository and Install Dependencies:
cd /opt/
git clone https://github.com/Yelp/elastalert
cd elastalert/
pip install -r requirements.txt
Configs:
cp config.yaml.example config.yaml
vim config.yaml
vim example_rules/example_frequency.yaml
After opening the config, populate the configuration where needed.
Installation of elastalert, followed by creating the writeback index that Elastalert uses to store its own metadata:
python setup.py install
elastalert-create-index
Running elastalert:
python -m elastalert.elastalert --verbose --rule example_frequency.yaml
# INFO:elastalert:Starting up
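The example_frequency rule run above fires when a set number of matching events arrive within a time window. As an added illustration (not code from this post or from the elastalert project), the Python below simulates that frequency logic over a constructed list of timestamped events; the rule settings (num_events, timeframe) mirror the keys a frequency rule file carries, and the event messages are invented sample data.

```python
from collections import deque
from datetime import datetime, timedelta

# Rule settings mirroring the keys a frequency rule such as
# example_rules/example_frequency.yaml carries (values constructed here).
RULE = {
    "name": "Example frequency rule",
    "type": "frequency",
    "num_events": 3,
    "timeframe": timedelta(minutes=5),
}

# Constructed sample events (timestamp, message); not taken from the post.
SAMPLE_EVENTS = [
    ("2023-01-01T10:00:00", "failed login for admin"),
    ("2023-01-01T10:01:00", "failed login for admin"),
    ("2023-01-01T10:09:00", "failed login for admin"),
    ("2023-01-01T10:10:00", "failed login for admin"),
    ("2023-01-01T10:11:30", "failed login for admin"),
    ("2023-01-01T10:30:00", "failed login for admin"),
]


def run_rule(events, rule):
    """Return the timestamps at which the frequency rule would fire.

    Keeps a sliding window of events no older than `timeframe` relative to
    the newest event; fires once the window holds `num_events` or more and
    then clears it, so one burst produces one alert rather than one per hit.
    """
    window = deque()
    fired = []
    for ts_str, _message in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        window.append(ts)
        # evict events that fell out of the timeframe
        while ts - window[0] > rule["timeframe"]:
            window.popleft()
        if len(window) >= rule["num_events"]:
            fired.append(ts_str)
            window.clear()
    return fired


if __name__ == "__main__":
    for hit in run_rule(SAMPLE_EVENTS, RULE):
        print(f"{RULE['name']}: {RULE['num_events']} events within "
              f"{RULE['timeframe']} ending at {hit}")
```

With the sample data only the three hits between 10:09 and 10:11:30 fall inside one five-minute window, so a single alert is produced.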
Systemd Unit File:
/etc/systemd/system/elastalert.service
[Unit]
Description=Elastalert
# start this unit only after syslog and the network are up
After=syslog.target
After=network.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/elastalert
Environment="SOME_KEY_1=value" "SOME_KEY_2=value2"
# restart on unexpected exits
Restart=always
# first argument must be an absolute path, rest are arguments to it
# (point it at the interpreter elastalert was installed into, i.e. the .venv's python if you ran setup.py inside the virtualenv)
ExecStart=/usr/bin/python -m elastalert.elastalert --verbose --rule example_frequency.yaml
# startup/shutdown grace period
TimeoutSec=60
[Install]
# pull this unit in when the system reaches multi-user.target
WantedBy=multi-user.target
Credit for the unit file layout: https://cloudership.com/blog/2016/4/8/init-scripts-for-web-apps-on-linux-and-why-you-should-be-using-them
Reload, enable and start:
systemctl daemon-reload
systemctl enable elastalert.service
systemctl start elastalert.service
Thank You
Thanks for reading, feel free to check out my website, feel free to subscribe to my newsletter or follow me at @ruanbekker on Twitter.
- Linktree: https://go.ruan.dev/links
- Patreon: https://go.ruan.dev/patreon