Kapacitor

https://github.com/influxdata/Kapacitor

Open source framework for processing, monitoring, and alerting on time series data

可以通过chrongraf创建tickscript/task, 然后通过api/cli导入到kapacitor.

配置:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
hostname = "10.103.1.1"

# 如果从influxdb读取数据需要配置该选项.
[[influxdb]]
enabled = true

# 如果从该路径加载tickscript
[[load]]
enabled = true
dir="/etc/kapacitor/load"
# tasks, 放到/etc/kapacitor/load/tasks/*.tick,重启kapacitor会自动加载task,并默认enable.
## 要求,ID和tick文件同名,tickscript开头需要指定dbrp, tickscript里面需要指定batch/stream.
# templates...
# handlers...

CLI

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
$ kapacitor help

# 创建/更新 task, 创建的默认是disable状态.
$ kapacitor define [task id/name] -tick [*.tick] -type [stream|batch] -dbrp [database.retentionPolicy]
# 删除task
$ kapacitor delete [task id/name]

$ kapacitor list tasks
$ kapacitor reload [task id/name] # 相当于disable & enable.
$ kapacitor enable [task id/name]
$ kapaciror disable [task id/name]
$ kapacitor show [task id/name]
$ kapacitor watch [task id/name]

$ kapacitor list topics
$ kapacitor delete topics [topic id]

Http API

1
port = 9092

configuration

获取所有可以overwrite的参数

1
GET /kapacitor/v1/config

获取section/option参数

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
GET /kapacitor/v1/config/smtp
GET /kapacitor/v1/config/smtp/
GET /kapacitor/v1/config/influxdb
GET /kapacitor/v1/config/influxdb/localhost

POST /kapacitor/v1/config/smtp/
{
    "set":{
        "enabled": true
    }
}

TICKscript

tickscript字符串用单引号和三单引号表示.

1
2
3
var a = 'test'
var b = '''test1
test2'''

Keywords:

1
2
3
4
5
6
7
TRUE
FALSE
AND
OR
lambda
var
dbrp

operator:

1
2
3
4
+ - * /    算数运算
== != < <= > >=    比较运算
=~ !~    正则表达式匹配和不匹配
! AND OR    逻辑运算

chaining operators:

1
2
3
|    chaining method (constructor)
.    property method (property methods & event handlers)
@    User Define Function

status:

1
2
3
4
0 -> OK
1 -> INFO
2 -> WARN
3 -> CRIT

node

node是tickscript中的复杂数据结构.

两个顶级node类型是stream和batch

batch是定时查询influxdb.

stream是通过订阅influxdb,写入到influxdb的数据也会写入kapacitor.

constructor调用相应的property methods.

stream

1
2
var data = stream
    |from()...

property methods:

1
quiet()

chaining methods:

1
2
3
Deadman
From
Stats

batch

1
2
var data = batch
    |query()...

property methods:

1
quiet()

chaining methods:

1
2
3
Deadman
Query
Stats

alert

alert有三种类型: threshold, relative, deadman.

1
2
3
4
5
6
7
var alert = data
    |eval()...
    |alert()
      .id('{{ index .Tags "<tag-key>" }}')
      .message('{{ .ID }} {{ .Level }} {{ index .Fields "<field-key>" }} {{ .Time }}')
      .details(...)
      ...

constructor:

1
alert()

property methods:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
id()    # 定义alert的ID
message()    # 相当于email的subject.
details()    # html格式的警告信息,相当于email的body.
info()
infoReset()
warn()
warnReset()
crit()
critReset()
email()
log()    # 将json格式的alert存放到文件.
idTag
idField
levelTag()
levelField()
durationField()
messageField()
post()
tcp()
all()    # period里面所有值都满足条件才alert
topic()
flapping()
history()
inhibit(<category>, <tags>) // 忽略一类告警
quiet()
noRecoveries() # 不要发恢复(OK)的警告
stateChangesOnly() # 状态改变才发警告,OK/INFO/WARNING/CRITICAL
category()

message/details event data:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
# 通过property methods定义一些变量
ID -> {{ .ID }}
Name -> measurement
TaskName -> task name
Group -> groupBy
Tags -> {{.Tags}} {{index .Tags "<tag_key>"}}
Fields -> {{.Fields}} {{index .Fields "<field_key>"}}
Message
Details
Time -> {{ .Time }}
Duration -> {{ .Duration }}
Level -> {{ .Level }}
Data
Recoverable

query

constructor:

1
query(q string)

property methods:

1
2
3
4
5
6
7
8
fill()
align()
alignGroup()
groupBy()
cron()
every()
period()
quiet()

from

constructor:

1
from()

property methods:

1
2
3
4
5
6
7
8
database()
retentionPolicy()
measurement()
where()
groupBy()
round()
truncate()
quiet()

window

constructor:

1
window()

property methods:

1
2
3
4
every()
period()
align()
quiet()

Log

constructor:

1
log()

property methods:

1
2
3
level()
prefix()
quiet()

influxDBOut

constructor:

1
influxDBOut()

property methods:

1
2
create()
...

handler

handler是用来处理alert的工具, 最常用的是email

handler可以调用相应的options.

email

options:

1
to("<email_address>")

需要配置smtp

1
2
3
4
5
6
7
8
9
[smtp]
    enabled = true
    host = "localhost"  # 一般postfix/mailutils和kapacitor安装到同一台server
    port = 25

    from = "canuxcheng@gmail.com"  # 必须配置
    to = [""]  # 可以在tickscript中指定, tickscript不指定,就用该配置.

    global = true # 开启后,tickscript中不用指定handler,默认都是发邮件.

log

options:

1
2
path
mode

写入到log.

post

tcp