Praeco is an open-source tool for alerting Elasticsearch. It can build the alert for elasticsearch in an interactive query builder. A preview of the result will be shown in charts. This tool has an easy installation & configuration process which we will learn further in this blog. We can receive alerts on commonly used channels like slack, email, and many more.
This will have two parts- first, we install & configure the Praeco; in the second part, we learn – how to create an alert?
Why do we use this over others?
In terms of open-source tools which are used for alerting in elasticsearch the most popular option is elastalert. In this creating an alert is a very hectic process because one has to write YAML which can be sometimes frustrating for those who don’t know the syntax.
Now we have to search for other options, which leads us to Praeco. This provides an interactive GUI to create the alert condition and hassle-free integration with alert channels.
- A machine on which docker is installed & in a running state.
- Port 8080 should be free because GUI will run on port 8080.
- Elasticsearch cluster must be reachable from the machine.
Installation & Configuration
Clone the repository from the Github. You can do a simple google search with keywords like “Praeco elasticsearch” or use the below link.
git clone https://github.com/johnsusek/praeco.git
Change your directory to praeco and run the following commands to start the configuration of the tool.
mkdir -p rules rule_templates
This directory will hold rule configuration files that are used to trigger the alert.
chmod -R 777 rules rule_templates
Change the permission of the directory so the file can be added when you create an alert on GUI.
export PRAECO_ELASTICSEARCH=<Your elasticsearch IP>
Run the above command in the shell terminal. Replace the text with the IP of your elasticsearch node IP.
We have to change the few entries in a file name config/api.config.json. Which looks like this
Replace with your elasticsearch host IP and Port and save the file.
Remove these lines from the file if you are not using any authentication for elasticsearch.
To add the alerting in Praeco we have various methods which it supports. I will explain the adding an E-mail & slack option to Praeco.
Add these lines in the file rules/BaseRule.config.
After adding this information we need to add the username and password of the email from which the mail is sent to users. This password can be an app password that can be generated from the mail provider or enter the password of your user.
To do so edit the file ass/gmail_auth.yaml
In the present directory, you have a docker compose file. Do not use that because we have made the changes as per the requirement so replace the docker compose with the below file.
# VUE_APP_BASE_URL: /my-path/
Now we have to run the docker compose file.
docker-compose -f <Compose fileName> up -d
Now open the web browser and type http://127.0.0.1:8080. The UI will look like the below image.
In the next part, I will explain how to create an alert with all the options that are available in the current version.
Opstree is an End to End DevOps solution provider