如何在bosun配置中处理时间戳？

Question

我正在尝试从bosun在elasticsearch中插入一个警报，但我不知道如何用当前时间填充变量$timestamp (看看我的示例)。我可以在bosun.conf中使用函数吗？我想要像now()这样的东西。有人能帮帮我吗？

以下是示例配置的摘录：

macro m1
{
    $timestamp = **???**
}
notification http_crit
{
    macro = m1
    post =  http://xxxxxxx:9200/alerts/http/
    body = {"@timestamp":$timestamp,"level":"critical","alert_name":"my_alert"}
    next = http_crit
    timeout = 1m
}
alert http
{
    template = elastic
    $testHTTP = lscount("logstash", "", "_type:stat_http,http_response:200", "1m", "5m", "")
    $testAvgHTTP  = avg($testHTTP)
    crit = $testAvgHTTP < 100
    critNotification = http_crit
}

Answer 1

我们在主分支中使用最近被重命名为.Last.Time.Format的.State.Touched.Format。格式字符串是一个go time format，您必须让它打印出elastic期望的正确格式。

template elastic {
    subject = `Time: {{.State.Touched.Format "15:04:05UTC"}}`
}
//Changed on 2016 Feb 01 to
template elastic {
    subject = `Time: {{.Last.Time.Format "15:04:05UTC"}}`
}

它在渲染时将如下所示：

时间: 01:30:13UTC