sourabh-agrawal/elastalert-kafka-disk-critical.yml

## elastalert-kafka-disk-critical.yml
index: metricbeat-live*
description: "This alert is fired when disk at /kafka has usage in between 90-100%"
name: central-kafka-disk-critical
type: any
alert: slack

realert:
  hours: 2

# I am monitoring via BrokerId
query_key: tags_hash.id
doc_type: _doc

# I have indexed my cluster info like application, cluster_name in tags_hash
filter:
  - query:
      query_string:
        query: 'tags_hash.cluster: central AND tags_hash.application: kafka AND metricset.name: filesystem AND system.filesystem.mount_point: "/kafka"'
  - query:
      range:
        "system.filesystem.used.pct":
          "gte": 0.90
          "lte": 1.00

# alert on slack
alert_text_type: alert_text_only
include: ["system.filesystem.used.pct", "system.filesystem.mount_point", "host.name", "tags_hash.id", "tags_hash.cluster", "tags_hash.application"]

slack_webhook_url: "<paste_your_slack_webhook_url>"
slack_text_string: ":WARNING::mega: Disk usage alert :boom::fire:"

alert_text: "*Used %*\t\t\t:\t{0}\n
*MountPoint*\t:\t{1}\n
*Host*\t\t\t\t:\t{2}\n
*BrokerId*\t\t :\t{3}\n
*Cluster*\t\t\t:\t{4}\n
*Application*\t :\t{5}\n\n
_This alert is fired when used disk space is in between 90-100%_"

alert_text_args: ["system.filesystem.used.pct", "system.filesystem.mount_point", "host.name", "tags_hash.id", "tags_hash.cluster", "tags_hash.application"]

slack_emoji_override: ":yoda:"
# Available colors: good, warning, danger
slack_msg_color: 'danger'
	index: metricbeat-live*
	description: "This alert is fired when disk at /kafka has usage in between 90-100%"
	name: central-kafka-disk-critical
	type: any
	alert: slack

	realert:
	hours: 2

	# I am monitoring via BrokerId
	query_key: tags_hash.id
	doc_type: _doc

	# I have indexed my cluster info like application, cluster_name in tags_hash
	filter:
	- query:
	query_string:
	query: 'tags_hash.cluster: central AND tags_hash.application: kafka AND metricset.name: filesystem AND system.filesystem.mount_point: "/kafka"'
	- query:
	range:
	"system.filesystem.used.pct":
	"gte": 0.90
	"lte": 1.00

	# alert on slack
	alert_text_type: alert_text_only
	include: ["system.filesystem.used.pct", "system.filesystem.mount_point", "host.name", "tags_hash.id", "tags_hash.cluster", "tags_hash.application"]

	slack_webhook_url: "<paste_your_slack_webhook_url>"
	slack_text_string: ":WARNING::mega: Disk usage alert :boom::fire:"

	alert_text: "Used %\t\t\t:\t{0}\n
	MountPoint\t:\t{1}\n
	Host\t\t\t\t:\t{2}\n
	BrokerId\t\t :\t{3}\n
	Cluster\t\t\t:\t{4}\n
	Application\t :\t{5}\n\n
	_This alert is fired when used disk space is in between 90-100%_"

	alert_text_args: ["system.filesystem.used.pct", "system.filesystem.mount_point", "host.name", "tags_hash.id", "tags_hash.cluster", "tags_hash.application"]

	slack_emoji_override: ":yoda:"
	# Available colors: good, warning, danger
	slack_msg_color: 'danger'