Praeco
Elasticsearch alerting made simple.
Praeco
Praeco is an alerting tool for Elasticsearch – a GUI for ElastAlert 2, using the ElastAlert API.
- Interactively build alerts for your Elasticsearch data using a query builder
- Preview results in an interactive chart
- Test your alerts against historical data
- Send notifications to Slack, Email, Telegram, Jira, Mattermost, Command, Gitter, Amazon SNS, Amazon SES, Zabbix, Twilio, PagerTree, Exotel, GoogleChat, Stomp, Splunk On-Call (Formerly VictorOps), ServiceNow, Chatwork, Discord, TheHive, Alerta, Datadog, Rocket.Chat, PagerDuty, Tencent SMS, Dingtalk, Alertmanager, OpsGenie, Graylog GELF, Lark, IRIS, WorkWechat, Matrix Hookshot, Microsoft Power Automate, Webex, YZJ, Flashduty, LINE Message API, SMSEagle or an HTTP POST/HTTP POST 2 endpoint
- Supports the Any, Blacklist, Whitelist, Change, Frequency, Flatline, Spike, Cardinality, New Term, and Metric Aggregation rule types
- View logs of when your alerts check, fire and fail
👉 Praeco is a completely free GPLv3 project, in return I only ask that you fill out this simple survey about how you use it.

Quickstart
Run the app using Docker compose. Praeco includes everything you need to get started. Just provide it the IP address of your Elasticsearch instance.
mkdir -p rules rule_templates
chmod -R 777 rules rule_templates
echo "slack_webhook_url: ''" | sudo tee -a rules/BaseRule.config >/dev/null
export PRAECO_ELASTICSEARCH=<your elasticsearch ip>
docker-compose up
- Don't use 127.0.0.1 for PRAECO_ELASTICSEARCH. See first item under the Troubleshooting section.
- To set up notification settings like API keys, edit rules/BaseRule.config.
Praeco should now be available on http://127.0.0.1:8080
Upgrading
The docker-compose.yml published on GitHub, used as is, pulls the current latest version rather than a specific version. If you want to pin a specific version, edit the file yourself and then run docker-compose up --force-recreate --build.
docker-compose down
docker rmi praecoapp/praeco:latest
docker rmi praecoapp/elastalert-server:latest
docker pull praecoapp/praeco:latest
docker pull praecoapp/elastalert-server:latest
docker-compose up --force-recreate --build
You may need to update your config files when a new version comes out. Please see UPGRADING.md for version-specific instructions.
Configuration
Edit rules/BaseRule.config, config/api.config.json, config/elastalert.yaml, and/or public/praeco.config.json for advanced configuration options. See the api docs and the example ElastAlert 2 config for more information.
Any ElastAlert 2 option you put into rules/BaseRule.config will be applied to every rule.
The following config settings are available in praeco.config.json:
// Link back to your Praeco instance, used in Slack alerts
"appUrl": "http://praeco-app-url:8080",
// A recordatus (https://github.com/johnsusek/recordatus) instance for javascript error reporting
"errorLoggerUrl": "",
// Hide these fields when editing rules, if they are already filled in template
"hidePreconfiguredFields": []
DockerHub
Praeco & elastalert server docker image relations table
praecoapp/elastalert-server ChangeLog
FAQ
Is there a sample to start elasticsearch, kibana, elastalert-server, Praeco with docker-compose?
docker compose sample(telegram)
Please tell me the response status of the alert notification destination.
👉 ElastAlert 2 Alerts support status
Will elastalert-server / Praeco be supported forever?
First of all, please understand that it is open source software. If you need generous support, please consider paid support software.
- We are not responsible for fixing bugs.
- There is no obligation to respond to your request.
- There is no obligation to add features.
- We do not always answer issues.
It does not work with the combination of bitsensor/elastalert and praeco. Is it a bug?
Do not use bitsensor/elastalert as it does not implement the features required by praeco. Use praecoapp/elastalert-server.
It does not work with the combination of karql/elastalert2-server and praeco. Is it a bug?
Do not use karql/elastalert2-server as it does not implement the features required by praeco. Use praecoapp/elastalert-server.
Does yelp/elastalert support it?
yelp/elastalert is no longer supported as maintenance has been discontinued.
Main challenges of yelp/elastalert
- Not compatible with python 3.12 or later.
- PagerTree, Stomp and Zabbix alert notifications do not work due to a bug.
- kibana Discover only guarantees operation up to kibana 7.3.
Does it support elasticsearch 5.x?
Not supported.
Does it support elasticsearch 6.x?
Elasticsearch 6 is no longer supported as of elastalert2 2.4.0.
Please use praecoapp/elastalert-server:20220109, which has a version of elastalert2 earlier than 2.4.0 installed.
Does it support elasticsearch 7.x?
Supported.
Does it support elasticsearch 8.x?
- Supports elasticsearch 8 with praeco 1.8.11 or later.
- elastalert-server is compatible with elasticsearch 8.
Does it support elasticsearch 9.x?
- Supports elasticsearch 9 with praeco 1.8.21 or later.
- elastalert-server is compatible with elasticsearch 9.
Can you support a version that is not the latest version?
Not supported.
Is it possible to set Percentage Match on the screen?
Not supported.
Is it possible to set Spike Aggregation on the screen?
Not supported.
Is it possible to set custom format (timestamp_type, timestamp_format, timestamp_format_expr) on the screen?
Not supported.
Does it support elasticsearch-oss?
Not supported.
Does elastalert-server support Amazon OpenSearch Service (formerly Amazon Elasticsearch)?
Not supported.
Does elastalert-server support OpenSearch?
Not supported.
Does elastalert-server support Elastic Cloud CloudID connections?
Not supported.
Does elastalert-server support Elasticsearch ApiKey authentication connections?
Not supported.
Does elastalert-server support Elasticsearch Bearer authentication connections?
Not supported.
Does elastalert-server support Elasticsearch proxy connections?
Not supported.
Multi-elasticsearch instances
Not supported.
If the contents of BaseRule.config are empty, an error will occur.
Currently, an error will occur when BaseRule.config is empty, so please create it as described below.
echo "slack_webhook_url: ''" | sudo tee -a rules/BaseRule.config >/dev/null
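The two setup pitfalls this page mentions (a 127.0.0.1 value for PRAECO_ELASTICSEARCH and an empty BaseRule.config) can be checked before starting the stack. The script below is an added example, not part of the Praeco project; the function names are hypothetical, and rejecting other loopback forms and treating a comment-only file as empty are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not Praeco's own code): preflight checks for the Quickstart.

# Succeeds if the address is usable for PRAECO_ELASTICSEARCH.
# Loopback is rejected: inside a container it points at the container itself.
# Assumption: anything starting with "127.", plus localhost and ::1, is loopback.
check_es_address() {
  case "$1" in
    "")                  echo "PRAECO_ELASTICSEARCH is not set" >&2; return 1 ;;
    127.*|localhost|::1) echo "loopback address '$1' will not work" >&2; return 1 ;;
    *)                   return 0 ;;
  esac
}

# Succeeds if the file exists and has at least one line that is neither
# blank nor a comment (assumption: a comment-only file counts as empty).
check_base_rule() {
  [ -f "$1" ] || { echo "$1 does not exist" >&2; return 1; }
  grep -Eqv '^[[:space:]]*(#.*)?$' "$1" || { echo "$1 has no settings" >&2; return 1; }
}

# Succeeds if every directory given as an argument exists.
check_dirs() {
  for d in "$@"; do
    [ -d "$d" ] || { echo "missing directory: $d" >&2; return 1; }
  done
}

# Runs all checks against a project directory (default: current directory)
# and reports every problem found instead of stopping at the first one.
preflight() {
  dir="${1:-.}"
  rc=0
  check_es_address "${PRAECO_ELASTICSEARCH:-}" || rc=1
  check_dirs "$dir/rules" "$dir/rule_templates" || rc=1
  check_base_rule "$dir/rules/BaseRule.config" || rc=1
  return "$rc"
}

# Usage after sourcing this file:  preflight . && docker-compose up
```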
Are you planning to add a login screen?
There are no plans to support this at this time.
Are you planning to support Email_format for Email?
There are no plans to support this at this time.
I can't send an email when I specify a gmail or Microsoft 365 address in from_addr of Email. Is there a workaround?
- For Gmail, you need to set Allow insecure apps.
- There is no workaround for Microsoft 365.
Is it possible to raise an alert only during a specific time period?
Yes. With Use Time Window you can choose to alert within or outside the specified time range.
Is it possible to execute the rule only at a specific time?
It can be set with Limit Execution.
When using the field specified by alert_subject_args in alert_subject, how do you set it on the screen?
- Click the Alert Subject Args link for the number of fields you want to add and press the "Add alert_textargs" button. Enter the field you want to add.
- When embedding a field in Subject, specify a serial number from 0, such as {0} for the first and {1} for the second.
When using the field specified by alert_text_args in alert_text, how do you set it on the screen?
- Click the AlertTextArgs link for as many fields as you want to add and press the "Add alert_textargs" button. Enter the field you want to add.
- When embedding a field in Body text, specify a serial number from 0, such as {0} for the first and {1} for the second.
[Third Party Tools] ElastAlert Server & Praeco Helm Chart
- ElastAlert Server Helm Chart
- Praeco Helm Chart
- [Installing Praeco (ElastAlert GUI) into Kubernetes with Helm](https://en-designetwork.daichi703n.com/entry/20
