fix: query data

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.32.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/issue-translator.yml

@@ -0,0 +1,22 @@
+name: 'Issue Translator'
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  translate:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: read
+    steps:
+      - name: Translate Issues
+        uses: usthe/issues-translate-action@v2.7
+        with:
+          # 是否翻译 issue 标题
+          IS_MODIFY_TITLE: true
+          # GitHub Token
+          BOT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # 自定义翻译标注（可选）
+          # CUSTOM_BOT_NOTE: "Translation by bot"

.gitignore

@@ -59,6 +59,7 @@ _test
 .index
 .vscode
 .issue
+.issue/*
 .cursor
 .claude
 .DS_Store

.issue

@@ -1 +0,0 @@
-/Users/ning/qinyening.com/issue/n9e

.typos.toml

@@ -0,0 +1,41 @@
+# Configuration for typos tool
+[files]
+extend-exclude = [
+    # Ignore auto-generated easyjson files
+    "*_easyjson.go",
+    # Ignore binary files
+    "*.gz",
+    "*.tar",
+    "n9e",
+    "n9e-*"
+]
+
+[default.extend-identifiers]
+# Didi is a company name (DiDi), not a typo
+Didi = "Didi"
+# datas is intentionally used as plural of data (slice variable)
+datas = "datas"
+# pendings is intentionally used as plural
+pendings = "pendings"
+pendingsUseByRecover = "pendingsUseByRecover"
+pendingsUseByRecoverMap = "pendingsUseByRecoverMap"
+# typs is intentionally used as shorthand for types (parameter name)
+typs = "typs"
+
+[default.extend-words]
+# Some false positives
+ba = "ba"
+# Specific corrections for ambiguous typos
+contigious = "contiguous"
+onw = "own"
+componet = "component"
+Patten = "Pattern"
+Requets = "Requests"
+Mis = "Miss"
+exporer = "exporter"
+soruce = "source"
+verison = "version"
+Configations = "Configurations"
+emmited = "emitted"
+Utlization = "Utilization"
+serie = "series"

README.md

@@ -47,7 +47,7 @@ Nightingale itself does not provide monitoring data collection capabilities. We
 
 For certain edge data centers with poor network connectivity to the central Nightingale server, we offer a distributed deployment mode for the alerting engine. In this mode, even if the network is disconnected, the alerting functionality remains unaffected.
 
-![Edge Deployment Mode](doc/img/readme/20240222102119.png)
+![Edge Deployment Mode](doc/img/readme/multi-region-arch.png)
 
 > In the above diagram, Data Center A has a good network with the central data center, so it uses the Nightingale process in the central data center as the alerting engine. Data Center B has a poor network with the central data center, so it deploys `n9e-edge` as the alerting engine to handle alerting for its own data sources.
 
@@ -68,7 +68,7 @@ Then Nightingale is not suitable. It is recommended that you choose on-call prod
 
 ## 🔑 Key Features
 
-![Nightingale Alerting rules](doc/img/readme/2025-05-23_18-43-37.png)
+![Nightingale Alerting rules](doc/img/readme/alerting-rules-en.png)
 
 - Nightingale supports alerting rules, mute rules, subscription rules, and notification rules. It natively supports 20 types of notification media and allows customization of message templates.  
 - It supports event pipelines for Pipeline processing of alarms, facilitating automated integration with in-house systems. For example, it can append metadata to alarms or perform relabeling on events. 
@@ -76,19 +76,19 @@ Then Nightingale is not suitable. It is recommended that you choose on-call prod
 - Many databases and middleware come with built-in alert rules that can be directly imported and used. It also supports direct import of Prometheus alerting rules.  
 - It supports alerting self-healing, which automatically triggers a script to execute predefined logic after an alarm is generated—such as cleaning up disk space or capturing the current system state.
 
-![Nightingale Alarm Dashboard](doc/img/readme/2025-05-30_08-49-28.png)
+![Nightingale Alarm Dashboard](doc/img/readme/active-events-en.png)
 
 - Nightingale archives historical alarms and supports multi-dimensional query and statistics.  
 - It supports flexible aggregation grouping, allowing a clear view of the distribution of alarms across the company.
 
-![Nightingale Integration Center](doc/img/readme/2025-05-23_18-46-06.png)
+![Nightingale Integration Center](doc/img/readme/integration-components-en.png)
 
 - Nightingale has built-in metric descriptions, dashboards, and alerting rules for common operating systems, middleware, and databases, which are contributed by the community with varying quality.  
 - It directly receives data via multiple protocols such as Remote Write, OpenTSDB, Datadog, and Falcon, integrates with various Agents.  
 - It supports data sources like Prometheus, ElasticSearch, Loki, ClickHouse, MySQL, Postgres, allowing alerting based on data from these sources.  
 - Nightingale can be easily embedded into internal enterprise systems (e.g. Grafana, CMDB), and even supports configuring menu visibility for these embedded systems.
 
-![Nightingale dashboards](doc/img/readme/2025-05-23_18-49-02.png)
+![Nightingale dashboards](doc/img/readme/dashboard-en.png)
 
 - Nightingale supports dashboard functionality, including common chart types, and comes with pre-built dashboards. The image above is a screenshot of one of these dashboards.  
 - If you are already accustomed to Grafana, it is recommended to continue using Grafana for visualization, as Grafana has deeper expertise in this area.  
@@ -112,4 +112,4 @@ Then Nightingale is not suitable. It is recommended that you choose on-call prod
 </a>
 
 ## 📜 License
-- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
+- [Apache License V2.0](https://github.com/ccfos/nightingale/blob/main/LICENSE)

README_zh.md

@@ -29,9 +29,11 @@
 
 ## 夜莺是什么
 
-夜莺监控（Nightingale）是一款侧重告警的监控类开源项目。类似 Grafana 的数据源集成方式，夜莺也是对接多种既有的数据源，不过 Grafana 侧重在可视化，夜莺是侧重在告警引擎、告警事件的处理和分发。
+夜莺 Nightingale 是一款开源云原生监控告警工具，是中国计算机学会接受捐赠并托管的第一个开源项目，在 GitHub 上有超过 12000 颗星，广受关注和使用。夜莺的统一告警引擎，可以对接 Prometheus、Elasticsearch、ClickHouse、Loki、MySQL 等多种数据源，提供全面的告警判定、丰富的事件处理和灵活的告警分发及通知能力。
 
-> 夜莺监控项目，最初由滴滴开发和开源，并于 2022 年 5 月 11 日，捐赠予中国计算机学会开源发展委员会（CCF ODC），为 CCF ODC 成立后接受捐赠的第一个开源项目。
+夜莺侧重于监控告警，类似于 Grafana 的数据源集成方式，夜莺也是对接多种既有的数据源，不过 Grafana 侧重于可视化，夜莺则是侧重于告警引擎、告警事件的处理和分发。
+
+> 夜莺监控项目，最初由滴滴开发和开源，并于 2022 年 5 月 11 日，捐赠予中国计算机学会开源发展技术委员会（CCF ODTC），为 CCF ODTC 成立后接受捐赠的第一个开源项目。
 
 ![](https://n9e.github.io/img/global/arch-bg.png)
 
@@ -117,4 +119,4 @@
 </a>
 
 ## License
-- [Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
+- [Apache License V2.0](https://github.com/ccfos/nightingale/blob/main/LICENSE)

alert/alert.go

@@ -75,7 +75,7 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 
 	macros.RegisterMacro(macros.MacroInVain)
 	dscache.Init(ctx, false)
-	Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache)
+	Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, configCvalCache)
 
 	r := httpx.GinEngine(config.Global.RunMode, config.HTTP,
 		configCvalCache.PrintBodyPaths, configCvalCache.PrintAccessLog)
@@ -98,7 +98,7 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 
 func Start(alertc aconf.Alert, pushgwc pconf.Pushgw, syncStats *memsto.Stats, alertStats *astats.Stats, externalProcessors *process.ExternalProcessorsType, targetCache *memsto.TargetCacheType, busiGroupCache *memsto.BusiGroupCacheType,
 	alertMuteCache *memsto.AlertMuteCacheType, alertRuleCache *memsto.AlertRuleCacheType, notifyConfigCache *memsto.NotifyConfigCacheType, taskTplsCache *memsto.TaskTplCache, datasourceCache *memsto.DatasourceCacheType, ctx *ctx.Context,
-	promClients *prom.PromClientMap, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType, notifyRuleCache *memsto.NotifyRuleCacheType, notifyChannelCache *memsto.NotifyChannelCacheType, messageTemplateCache *memsto.MessageTemplateCacheType) {
+	promClients *prom.PromClientMap, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType, notifyRuleCache *memsto.NotifyRuleCacheType, notifyChannelCache *memsto.NotifyChannelCacheType, messageTemplateCache *memsto.MessageTemplateCacheType, configCvalCache *memsto.CvalCache) {
 	alertSubscribeCache := memsto.NewAlertSubscribeCache(ctx, syncStats)
 	recordingRuleCache := memsto.NewRecordingRuleCache(ctx, syncStats)
 	targetsOfAlertRulesCache := memsto.NewTargetOfAlertRuleCache(ctx, alertc.Heartbeat.EngineName, syncStats)
@@ -117,14 +117,14 @@ func Start(alertc aconf.Alert, pushgwc pconf.Pushgw, syncStats *memsto.Stats, al
 
 	eventProcessorCache := memsto.NewEventProcessorCache(ctx, syncStats)
 
-	dp := dispatch.NewDispatch(alertRuleCache, userCache, userGroupCache, alertSubscribeCache, targetCache, notifyConfigCache, taskTplsCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, eventProcessorCache, alertc.Alerting, ctx, alertStats)
-	consumer := dispatch.NewConsumer(alertc.Alerting, ctx, dp, promClients)
+	dp := dispatch.NewDispatch(alertRuleCache, userCache, userGroupCache, alertSubscribeCache, targetCache, notifyConfigCache, taskTplsCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, eventProcessorCache, configCvalCache, alertc.Alerting, ctx, alertStats)
+	consumer := dispatch.NewConsumer(alertc.Alerting, ctx, dp, promClients, alertMuteCache)
 
-	notifyRecordComsumer := sender.NewNotifyRecordConsumer(ctx)
+	notifyRecordConsumer := sender.NewNotifyRecordConsumer(ctx)
 
 	go dp.ReloadTpls()
 	go consumer.LoopConsume()
-	go notifyRecordComsumer.LoopConsume()
+	go notifyRecordConsumer.LoopConsume()
 
 	go queue.ReportQueueSize(alertStats)
 	go sender.ReportNotifyRecordQueueSize(alertStats)

alert/common/key.go

@@ -1,6 +1,7 @@
 package common
 
 import (
+	"encoding/json"
 	"fmt"
 	"strings"
 
@@ -13,6 +14,20 @@ func RuleKey(datasourceId, id int64) string {
 
 func MatchTags(eventTagsMap map[string]string, itags []models.TagFilter) bool {
 	for _, filter := range itags {
+		// target_group in和not in优先特殊处理：匹配通过则继续下一个 filter，匹配失败则整组不匹配
+		if filter.Key == "target_group" {
+			// target 字段从 event.JsonTagsAndValue() 中获取的
+			v, ok := eventTagsMap["target"]
+			if !ok {
+				return false
+			}
+			if !targetGroupMatch(v, filter) {
+				return false
+			}
+			continue
+		}
+
+		// 普通标签按原逻辑处理
 		value, has := eventTagsMap[filter.Key]
 		if !has {
 			return false
@@ -35,9 +50,9 @@ func MatchGroupsName(groupName string, groupFilter []models.TagFilter) bool {
 func matchTag(value string, filter models.TagFilter) bool {
 	switch filter.Func {
 	case "==":
-		return strings.TrimSpace(filter.Value) == strings.TrimSpace(value)
+		return strings.TrimSpace(fmt.Sprintf("%v", filter.Value)) == strings.TrimSpace(value)
 	case "!=":
-		return strings.TrimSpace(filter.Value) != strings.TrimSpace(value)
+		return strings.TrimSpace(fmt.Sprintf("%v", filter.Value)) != strings.TrimSpace(value)
 	case "in":
 		_, has := filter.Vset[value]
 		return has
@@ -49,6 +64,65 @@ func matchTag(value string, filter models.TagFilter) bool {
 	case "!~":
 		return !filter.Regexp.MatchString(value)
 	}
-	// unexpect func
+	// unexpected func
 	return false
 }
+
+// targetGroupMatch 处理 target_group 的特殊匹配逻辑
+func targetGroupMatch(value string, filter models.TagFilter) bool {
+	var valueMap map[string]interface{}
+	if err := json.Unmarshal([]byte(value), &valueMap); err != nil {
+		return false
+	}
+	switch filter.Func {
+	case "in", "not in":
+		// float64 类型的 id 切片
+		filterValueIds, ok := filter.Value.([]interface{})
+		if !ok {
+			return false
+		}
+		filterValueIdsMap := make(map[float64]struct{})
+		for _, id := range filterValueIds {
+			filterValueIdsMap[id.(float64)] = struct{}{}
+		}
+		// float64 类型的 groupIds 切片
+		groupIds, ok := valueMap["group_ids"].([]interface{})
+		if !ok {
+			return false
+		}
+		// in 只要 groupIds 中有一个在 filterGroupIds 中出现，就返回 true
+		// not in 则相反
+		found := false
+		for _, gid := range groupIds {
+			if _, found = filterValueIdsMap[gid.(float64)]; found {
+				break
+			}
+		}
+		if filter.Func == "in" {
+			return found
+		}
+		// filter.Func == "not in"
+		return !found
+
+	case "=~", "!~":
+		// 正则满足一个就认为 matched
+		groupNames, ok := valueMap["group_names"].([]interface{})
+		if !ok {
+			return false
+		}
+		matched := false
+		for _, gname := range groupNames {
+			if filter.Regexp.MatchString(fmt.Sprintf("%v", gname)) {
+				matched = true
+				break
+			}
+		}
+		if filter.Func == "=~" {
+			return matched
+		}
+		// "!~": 只要有一个匹配就返回 false，否则返回 true
+		return !matched
+	default:
+		return false
+	}
+}

alert/dispatch/consume.go

@@ -10,6 +10,7 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/aconf"
 	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/alert/queue"
+	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/poster"
@@ -26,10 +27,15 @@ type Consumer struct {
 	alerting aconf.Alerting
 	ctx      *ctx.Context
 
-	dispatch    *Dispatch
-	promClients *prom.PromClientMap
+	dispatch       *Dispatch
+	promClients    *prom.PromClientMap
+	alertMuteCache *memsto.AlertMuteCacheType
 }
 
+type EventMuteHookFunc func(event *models.AlertCurEvent) bool
+
+var EventMuteHook EventMuteHookFunc = func(event *models.AlertCurEvent) bool { return false }
+
 func InitRegisterQueryFunc(promClients *prom.PromClientMap) {
 	tplx.RegisterQueryFunc(func(datasourceID int64, promql string) model.Value {
 		if promClients.IsNil(datasourceID) {
@@ -43,12 +49,14 @@ func InitRegisterQueryFunc(promClients *prom.PromClientMap) {
 }
 
 // 创建一个 Consumer 实例
-func NewConsumer(alerting aconf.Alerting, ctx *ctx.Context, dispatch *Dispatch, promClients *prom.PromClientMap) *Consumer {
+func NewConsumer(alerting aconf.Alerting, ctx *ctx.Context, dispatch *Dispatch, promClients *prom.PromClientMap, alertMuteCache *memsto.AlertMuteCacheType) *Consumer {
 	return &Consumer{
 		alerting:    alerting,
 		ctx:         ctx,
 		dispatch:    dispatch,
 		promClients: promClients,
+
+		alertMuteCache: alertMuteCache,
 	}
 }
 
@@ -110,10 +118,6 @@ func (e *Consumer) consumeOne(event *models.AlertCurEvent) {
 
 	e.persist(event)
 
-	if event.IsRecovered && event.NotifyRecovered == 0 {
-		return
-	}
-
 	e.dispatch.HandleEventNotify(event, false)
 }
 

alert/dispatch/dispatch.go

@@ -24,6 +24,17 @@ import (
 	"github.com/toolkits/pkg/logger"
 )
 
+var ShouldSkipNotify func(*ctx.Context, *models.AlertCurEvent, int64) bool
+var SendByNotifyRule func(*ctx.Context, *memsto.UserCacheType, *memsto.UserGroupCacheType, *memsto.NotifyChannelCacheType, *memsto.CvalCache,
+	[]*models.AlertCurEvent, int64, *models.NotifyConfig, *models.NotifyChannelConfig, *models.MessageTemplate)
+
+var EventProcessorCache *memsto.EventProcessorCacheType
+
+func init() {
+	ShouldSkipNotify = shouldSkipNotify
+	SendByNotifyRule = SendNotifyRuleMessage
+}
+
 type Dispatch struct {
 	alertRuleCache      *memsto.AlertRuleCacheType
 	userCache           *memsto.UserCacheType
@@ -32,6 +43,7 @@ type Dispatch struct {
 	targetCache         *memsto.TargetCacheType
 	notifyConfigCache   *memsto.NotifyConfigCacheType
 	taskTplsCache       *memsto.TaskTplCache
+	configCvalCache     *memsto.CvalCache
 
 	notifyRuleCache      *memsto.NotifyRuleCacheType
 	notifyChannelCache   *memsto.NotifyChannelCacheType
@@ -45,9 +57,8 @@ type Dispatch struct {
 	tpls             map[string]*template.Template
 	ExtraSenders     map[string]sender.Sender
 	BeforeSenderHook func(*models.AlertCurEvent) bool
-
-	ctx    *ctx.Context
-	Astats *astats.Stats
+	ctx              *ctx.Context
+	Astats           *astats.Stats
 
 	RwLock sync.RWMutex
 }
@@ -56,7 +67,7 @@ type Dispatch struct {
 func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType,
 	alertSubscribeCache *memsto.AlertSubscribeCacheType, targetCache *memsto.TargetCacheType, notifyConfigCache *memsto.NotifyConfigCacheType,
 	taskTplsCache *memsto.TaskTplCache, notifyRuleCache *memsto.NotifyRuleCacheType, notifyChannelCache *memsto.NotifyChannelCacheType,
-	messageTemplateCache *memsto.MessageTemplateCacheType, eventProcessorCache *memsto.EventProcessorCacheType, alerting aconf.Alerting, ctx *ctx.Context, astats *astats.Stats) *Dispatch {
+	messageTemplateCache *memsto.MessageTemplateCacheType, eventProcessorCache *memsto.EventProcessorCacheType, configCvalCache *memsto.CvalCache, alerting aconf.Alerting, c *ctx.Context, astats *astats.Stats) *Dispatch {
 	notify := &Dispatch{
 		alertRuleCache:       alertRuleCache,
 		userCache:            userCache,
@@ -69,6 +80,7 @@ func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.Us
 		notifyChannelCache:   notifyChannelCache,
 		messageTemplateCache: messageTemplateCache,
 		eventProcessorCache:  eventProcessorCache,
+		configCvalCache:      configCvalCache,
 
 		alerting: alerting,
 
@@ -77,11 +89,12 @@ func NewDispatch(alertRuleCache *memsto.AlertRuleCacheType, userCache *memsto.Us
 		ExtraSenders:     make(map[string]sender.Sender),
 		BeforeSenderHook: func(*models.AlertCurEvent) bool { return true },
 
-		ctx:    ctx,
+		ctx:    c,
 		Astats: astats,
 	}
 
 	pipeline.Init()
+	EventProcessorCache = eventProcessorCache
 
 	// 设置通知记录回调函数
 	notifyChannelCache.SetNotifyRecordFunc(sender.NotifyRecord)
@@ -166,41 +179,12 @@ func (e *Dispatch) HandleEventWithNotifyRule(eventOrigin *models.AlertCurEvent)
 			if !notifyRule.Enable {
 				continue
 			}
+			eventCopy.NotifyRuleId = notifyRuleId
+			eventCopy.NotifyRuleName = notifyRule.Name
 
-			var processors []models.Processor
-			for _, pipelineConfig := range notifyRule.PipelineConfigs {
-				if !pipelineConfig.Enable {
-					continue
-				}
-
-				eventPipeline := e.eventProcessorCache.Get(pipelineConfig.PipelineId)
-				if eventPipeline == nil {
-					logger.Warningf("notify_id: %d, event:%+v, processor not found", notifyRuleId, eventCopy)
-					continue
-				}
-
-				if !pipelineApplicable(eventPipeline, eventCopy) {
-					logger.Debugf("notify_id: %d, event:%+v, pipeline_id: %d, not applicable", notifyRuleId, eventCopy, pipelineConfig.PipelineId)
-					continue
-				}
-
-				processors = append(processors, e.eventProcessorCache.GetProcessorsById(pipelineConfig.PipelineId)...)
-			}
-
-			for _, processor := range processors {
-				var res string
-				var err error
-				logger.Infof("before processor notify_id: %d, event:%+v, processor:%+v", notifyRuleId, eventCopy, processor)
-				eventCopy, res, err = processor.Process(e.ctx, eventCopy)
-				if eventCopy == nil {
-					logger.Warningf("after processor notify_id: %d, event:%+v, processor:%+v, event is nil", notifyRuleId, eventCopy, processor)
-					break
-				}
-				logger.Infof("after processor notify_id: %d, event:%+v, processor:%+v, res:%v, err:%v", notifyRuleId, eventCopy, processor, res, err)
-			}
-
-			if eventCopy == nil {
-				// 如果 eventCopy 为 nil，说明 eventCopy 被 processor drop 掉了, 不再发送通知
+			eventCopy = HandleEventPipeline(notifyRule.PipelineConfigs, eventOrigin, eventCopy, e.eventProcessorCache, e.ctx, notifyRuleId, "notify_rule")
+			if ShouldSkipNotify(e.ctx, eventCopy, notifyRuleId) {
+				logger.Infof("notify_id: %d, event:%+v, should skip notify", notifyRuleId, eventCopy)
 				continue
 			}
 
@@ -220,22 +204,74 @@ func (e *Dispatch) HandleEventWithNotifyRule(eventOrigin *models.AlertCurEvent)
 					continue
 				}
 
-				if notifyChannel.RequestType != "flashduty" && messageTemplate == nil {
+				if notifyChannel.RequestType != "flashduty" && notifyChannel.RequestType != "pagerduty" && messageTemplate == nil {
 					logger.Warningf("notify_id: %d, channel_name: %v, event:%+v, template_id: %d, message_template not found", notifyRuleId, notifyChannel.Ident, eventCopy, notifyRule.NotifyConfigs[i].TemplateID)
 					sender.NotifyRecord(e.ctx, []*models.AlertCurEvent{eventCopy}, notifyRuleId, notifyChannel.Name, "", "", errors.New("message_template not found"))
 
 					continue
 				}
 
-				// todo go send
-				// todo 聚合 event
-				go e.sendV2([]*models.AlertCurEvent{eventCopy}, notifyRuleId, &notifyRule.NotifyConfigs[i], notifyChannel, messageTemplate)
+				go SendByNotifyRule(e.ctx, e.userCache, e.userGroupCache, e.notifyChannelCache, e.configCvalCache, []*models.AlertCurEvent{eventCopy}, notifyRuleId, &notifyRule.NotifyConfigs[i], notifyChannel, messageTemplate)
 			}
 		}
 	}
 }
 
-func pipelineApplicable(pipeline *models.EventPipeline, event *models.AlertCurEvent) bool {
+func shouldSkipNotify(ctx *ctx.Context, event *models.AlertCurEvent, notifyRuleId int64) bool {
+	if event == nil {
+		// 如果 eventCopy 为 nil，说明 eventCopy 被 processor drop 掉了, 不再发送通知
+		return true
+	}
+
+	if event.IsRecovered && event.NotifyRecovered == 0 {
+		// 如果 eventCopy 是恢复事件，且 NotifyRecovered 为 0，则不发送通知
+		return true
+	}
+	return false
+}
+
+func HandleEventPipeline(pipelineConfigs []models.PipelineConfig, eventOrigin, event *models.AlertCurEvent, eventProcessorCache *memsto.EventProcessorCacheType, ctx *ctx.Context, id int64, from string) *models.AlertCurEvent {
+	for _, pipelineConfig := range pipelineConfigs {
+		if !pipelineConfig.Enable {
+			continue
+		}
+
+		eventPipeline := eventProcessorCache.Get(pipelineConfig.PipelineId)
+		if eventPipeline == nil {
+			logger.Warningf("processor_by_%s_id:%d pipeline_id:%d, event pipeline not found, event: %+v", from, id, pipelineConfig.PipelineId, event)
+			continue
+		}
+
+		if !PipelineApplicable(eventPipeline, event) {
+			logger.Debugf("processor_by_%s_id:%d pipeline_id:%d, event pipeline not applicable, event: %+v", from, id, pipelineConfig.PipelineId, event)
+			continue
+		}
+
+		processors := eventProcessorCache.GetProcessorsById(pipelineConfig.PipelineId)
+		for _, processor := range processors {
+			var res string
+			var err error
+			logger.Infof("processor_by_%s_id:%d pipeline_id:%d, before processor:%+v, event: %+v", from, id, pipelineConfig.PipelineId, processor, event)
+			event, res, err = processor.Process(ctx, event)
+			if event == nil {
+				logger.Infof("processor_by_%s_id:%d pipeline_id:%d, event dropped, after processor:%+v, event: %+v", from, id, pipelineConfig.PipelineId, processor, eventOrigin)
+
+				if from == "notify_rule" {
+					// alert_rule 获取不到 eventId 记录没有意义
+					sender.NotifyRecord(ctx, []*models.AlertCurEvent{eventOrigin}, id, "", "", res, fmt.Errorf("processor_by_%s_id:%d pipeline_id:%d, drop by processor", from, id, pipelineConfig.PipelineId))
+				}
+				return nil
+			}
+			logger.Infof("processor_by_%s_id:%d pipeline_id:%d, after processor:%+v, event: %+v, res:%v, err:%v", from, id, pipelineConfig.PipelineId, processor, event, res, err)
+		}
+	}
+
+	event.FE2DB()
+	event.FillTagsMap()
+	return event
+}
+
+func PipelineApplicable(pipeline *models.EventPipeline, event *models.AlertCurEvent) bool {
 	if pipeline == nil {
 		return true
 	}
@@ -246,13 +282,16 @@ func pipelineApplicable(pipeline *models.EventPipeline, event *models.AlertCurEv
 
 	tagMatch := true
 	if len(pipeline.LabelFilters) > 0 {
-		for i := range pipeline.LabelFilters {
-			if pipeline.LabelFilters[i].Func == "" {
-				pipeline.LabelFilters[i].Func = pipeline.LabelFilters[i].Op
+		// Deep copy to avoid concurrent map writes on cached objects
+		labelFiltersCopy := make([]models.TagFilter, len(pipeline.LabelFilters))
+		copy(labelFiltersCopy, pipeline.LabelFilters)
+		for i := range labelFiltersCopy {
+			if labelFiltersCopy[i].Func == "" {
+				labelFiltersCopy[i].Func = labelFiltersCopy[i].Op
 			}
 		}
 
-		tagFilters, err := models.ParseTagFilter(pipeline.LabelFilters)
+		tagFilters, err := models.ParseTagFilter(labelFiltersCopy)
 		if err != nil {
 			logger.Errorf("pipeline applicable failed to parse tag filter: %v event:%+v pipeline:%+v", err, event, pipeline)
 			return false
@@ -262,7 +301,11 @@ func pipelineApplicable(pipeline *models.EventPipeline, event *models.AlertCurEv
 
 	attributesMatch := true
 	if len(pipeline.AttrFilters) > 0 {
-		tagFilters, err := models.ParseTagFilter(pipeline.AttrFilters)
+		// Deep copy to avoid concurrent map writes on cached objects
+		attrFiltersCopy := make([]models.TagFilter, len(pipeline.AttrFilters))
+		copy(attrFiltersCopy, pipeline.AttrFilters)
+
+		tagFilters, err := models.ParseTagFilter(attrFiltersCopy)
 		if err != nil {
 			logger.Errorf("pipeline applicable failed to parse tag filter: %v event:%+v pipeline:%+v err:%v", tagFilters, event, pipeline, err)
 			return false
@@ -343,13 +386,16 @@ func NotifyRuleMatchCheck(notifyConfig *models.NotifyConfig, event *models.Alert
 
 	tagMatch := true
 	if len(notifyConfig.LabelKeys) > 0 {
-		for i := range notifyConfig.LabelKeys {
-			if notifyConfig.LabelKeys[i].Func == "" {
-				notifyConfig.LabelKeys[i].Func = notifyConfig.LabelKeys[i].Op
+		// Deep copy to avoid concurrent map writes on cached objects
+		labelKeysCopy := make([]models.TagFilter, len(notifyConfig.LabelKeys))
+		copy(labelKeysCopy, notifyConfig.LabelKeys)
+		for i := range labelKeysCopy {
+			if labelKeysCopy[i].Func == "" {
+				labelKeysCopy[i].Func = labelKeysCopy[i].Op
 			}
 		}
 
-		tagFilters, err := models.ParseTagFilter(notifyConfig.LabelKeys)
+		tagFilters, err := models.ParseTagFilter(labelKeysCopy)
 		if err != nil {
 			logger.Errorf("notify send failed to parse tag filter: %v event:%+v notify_config:%+v", err, event, notifyConfig)
 			return fmt.Errorf("failed to parse tag filter: %v", err)
@@ -363,7 +409,11 @@ func NotifyRuleMatchCheck(notifyConfig *models.NotifyConfig, event *models.Alert
 
 	attributesMatch := true
 	if len(notifyConfig.Attributes) > 0 {
-		tagFilters, err := models.ParseTagFilter(notifyConfig.Attributes)
+		// Deep copy to avoid concurrent map writes on cached objects
+		attributesCopy := make([]models.TagFilter, len(notifyConfig.Attributes))
+		copy(attributesCopy, notifyConfig.Attributes)
+
+		tagFilters, err := models.ParseTagFilter(attributesCopy)
 		if err != nil {
 			logger.Errorf("notify send failed to parse tag filter: %v event:%+v notify_config:%+v err:%v", tagFilters, event, notifyConfig, err)
 			return fmt.Errorf("failed to parse tag filter: %v", err)
@@ -380,9 +430,10 @@ func NotifyRuleMatchCheck(notifyConfig *models.NotifyConfig, event *models.Alert
 	return nil
 }
 
-func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType) ([]string, []int64, map[string]string) {
+func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType) ([]string, []int64, []string, map[string]string) {
 	customParams := make(map[string]string)
 	var flashDutyChannelIDs []int64
+	var pagerDutyRoutingKeys []string
 	var userInfoParams models.CustomParams
 
 	for key, value := range notifyConfig.Params {
@@ -400,13 +451,26 @@ func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string,
 					}
 				}
 			}
+		case "pagerduty_integration_keys", "pagerduty_integration_ids":
+			if key == "pagerduty_integration_ids" {
+				// 不处理ids，直接跳过，这个字段只给前端标记用
+				continue
+			}
+			if data, err := json.Marshal(value); err == nil {
+				var keys []string
+				if json.Unmarshal(data, &keys) == nil {
+					pagerDutyRoutingKeys = keys
+					break
+				}
+			}
 		default:
+			// 避免直接 value.(string) 导致 panic，支持多种类型并统一为字符串
 			customParams[key] = value.(string)
 		}
 	}
 
 	if len(userInfoParams.UserIDs) == 0 && len(userInfoParams.UserGroupIDs) == 0 {
-		return []string{}, flashDutyChannelIDs, customParams
+		return []string{}, flashDutyChannelIDs, pagerDutyRoutingKeys, customParams
 	}
 
 	userIds := make([]int64, 0)
@@ -442,18 +506,20 @@ func GetNotifyConfigParams(notifyConfig *models.NotifyConfig, contactKey string,
 		visited[user.Id] = true
 	}
 
-	return sendtos, flashDutyChannelIDs, customParams
+	return sendtos, flashDutyChannelIDs, pagerDutyRoutingKeys, customParams
 }
 
-func (e *Dispatch) sendV2(events []*models.AlertCurEvent, notifyRuleId int64, notifyConfig *models.NotifyConfig, notifyChannel *models.NotifyChannelConfig, messageTemplate *models.MessageTemplate) {
+func SendNotifyRuleMessage(ctx *ctx.Context, userCache *memsto.UserCacheType, userGroupCache *memsto.UserGroupCacheType, notifyChannelCache *memsto.NotifyChannelCacheType, configCvalCache *memsto.CvalCache,
+	events []*models.AlertCurEvent, notifyRuleId int64, notifyConfig *models.NotifyConfig, notifyChannel *models.NotifyChannelConfig, messageTemplate *models.MessageTemplate) {
 	if len(events) == 0 {
 		logger.Errorf("notify_id: %d events is empty", notifyRuleId)
 		return
 	}
 
+	siteInfo := configCvalCache.GetSiteInfo()
 	tplContent := make(map[string]interface{})
 	if notifyChannel.RequestType != "flashduty" {
-		tplContent = messageTemplate.RenderEvent(events)
+		tplContent = messageTemplate.RenderEvent(events, siteInfo.SiteUrl)
 	}
 
 	var contactKey string
@@ -461,10 +527,7 @@ func (e *Dispatch) sendV2(events []*models.AlertCurEvent, notifyRuleId int64, no
 		contactKey = notifyChannel.ParamConfig.UserInfo.ContactKey
 	}
 
-	sendtos, flashDutyChannelIDs, customParams := GetNotifyConfigParams(notifyConfig, contactKey, e.userCache, e.userGroupCache)
-
-	e.Astats.GaugeNotifyRecordQueueSize.Inc()
-	defer e.Astats.GaugeNotifyRecordQueueSize.Dec()
+	sendtos, flashDutyChannelIDs, pagerdutyRoutingKeys, customParams := GetNotifyConfigParams(notifyConfig, contactKey, userCache, userGroupCache)
 
 	switch notifyChannel.RequestType {
 	case "flashduty":
@@ -474,10 +537,19 @@ func (e *Dispatch) sendV2(events []*models.AlertCurEvent, notifyRuleId int64, no
 
 		for i := range flashDutyChannelIDs {
 			start := time.Now()
-			respBody, err := notifyChannel.SendFlashDuty(events, flashDutyChannelIDs[i], e.notifyChannelCache.GetHttpClient(notifyChannel.ID))
+			respBody, err := notifyChannel.SendFlashDuty(events, flashDutyChannelIDs[i], notifyChannelCache.GetHttpClient(notifyChannel.ID))
 			respBody = fmt.Sprintf("duration: %d ms %s", time.Since(start).Milliseconds(), respBody)
-			logger.Infof("notify_id: %d, channel_name: %v, event:%+v, IntegrationUrl: %v dutychannel_id: %v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0], notifyChannel.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, flashDutyChannelIDs[i], respBody, err)
-			sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, strconv.FormatInt(flashDutyChannelIDs[i], 10), respBody, err)
+			logger.Infof("duty_sender notify_id: %d, channel_name: %v, event:%+v, IntegrationUrl: %v dutychannel_id: %v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0], notifyChannel.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, flashDutyChannelIDs[i], respBody, err)
+			sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, strconv.FormatInt(flashDutyChannelIDs[i], 10), respBody, err)
+		}
+
+	case "pagerduty":
+		for _, routingKey := range pagerdutyRoutingKeys {
+			start := time.Now()
+			respBody, err := notifyChannel.SendPagerDuty(events, routingKey, siteInfo.SiteUrl, notifyChannelCache.GetHttpClient(notifyChannel.ID))
+			respBody = fmt.Sprintf("duration: %d ms %s", time.Since(start).Milliseconds(), respBody)
+			logger.Infof("pagerduty_sender notify_id: %d, channel_name: %v, event:%+v, respBody: %v, err: %v", notifyRuleId, notifyChannel.Name, events[0], respBody, err)
+			sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, "", respBody, err)
 		}
 
 	case "http":
@@ -493,22 +565,22 @@ func (e *Dispatch) sendV2(events []*models.AlertCurEvent, notifyRuleId int64, no
 		}
 
 		// 将任务加入队列
-		success := e.notifyChannelCache.EnqueueNotifyTask(task)
+		success := notifyChannelCache.EnqueueNotifyTask(task)
 		if !success {
 			logger.Errorf("failed to enqueue notify task for channel %d, notify_id: %d", notifyChannel.ID, notifyRuleId)
 			// 如果入队失败，记录错误通知
-			sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, getSendTarget(customParams, sendtos), "", errors.New("failed to enqueue notify task, queue is full"))
+			sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, getSendTarget(customParams, sendtos), "", errors.New("failed to enqueue notify task, queue is full"))
 		}
 
 	case "smtp":
-		notifyChannel.SendEmail(notifyRuleId, events, tplContent, sendtos, e.notifyChannelCache.GetSmtpClient(notifyChannel.ID))
+		notifyChannel.SendEmail(notifyRuleId, events, tplContent, sendtos, notifyChannelCache.GetSmtpClient(notifyChannel.ID))
 
 	case "script":
 		start := time.Now()
 		target, res, err := notifyChannel.SendScript(events, tplContent, customParams, sendtos)
 		res = fmt.Sprintf("duration: %d ms %s", time.Since(start).Milliseconds(), res)
-		logger.Infof("notify_id: %d, channel_name: %v, event:%+v, tplContent:%s, customParams:%v, target:%s, res:%s, err:%v", notifyRuleId, notifyChannel.Name, events[0], tplContent, customParams, target, res, err)
-		sender.NotifyRecord(e.ctx, events, notifyRuleId, notifyChannel.Name, target, res, err)
+		logger.Infof("script_sender notify_id: %d, channel_name: %v, event:%+v, tplContent:%s, customParams:%v, target:%s, res:%s, err:%v", notifyRuleId, notifyChannel.Name, events[0], tplContent, customParams, target, res, err)
+		sender.NotifyRecord(ctx, events, notifyRuleId, notifyChannel.Name, target, res, err)
 	default:
 		logger.Warningf("notify_id: %d, channel_name: %v, event:%+v send type not found", notifyRuleId, notifyChannel.Name, events[0])
 	}
@@ -523,6 +595,11 @@ func NeedBatchContacts(requestConfig *models.HTTPRequestConfig) bool {
 // event: 告警/恢复事件
 // isSubscribe: 告警事件是否由subscribe的配置产生
 func (e *Dispatch) HandleEventNotify(event *models.AlertCurEvent, isSubscribe bool) {
+	go e.HandleEventWithNotifyRule(event)
+	if event.IsRecovered && event.NotifyRecovered == 0 {
+		return
+	}
+
 	rule := e.alertRuleCache.Get(event.RuleId)
 	if rule == nil {
 		return
@@ -555,7 +632,6 @@ func (e *Dispatch) HandleEventNotify(event *models.AlertCurEvent, isSubscribe bo
 		notifyTarget.AndMerge(handler(rule, event, notifyTarget, e))
 	}
 
-	go e.HandleEventWithNotifyRule(event)
 	go e.Send(rule, event, notifyTarget, isSubscribe)
 
 	// 如果是不是订阅规则出现的event, 则需要处理订阅规则的event
@@ -749,12 +825,12 @@ func (e *Dispatch) HandleIbex(rule *models.AlertRule, event *models.AlertCurEven
 
 		if len(t.Host) == 0 {
 			sender.CallIbex(e.ctx, t.TplId, event.TargetIdent,
-				e.taskTplsCache, e.targetCache, e.userCache, event)
+				e.taskTplsCache, e.targetCache, e.userCache, event, "")
 			continue
 		}
 		for _, host := range t.Host {
 			sender.CallIbex(e.ctx, t.TplId, host,
-				e.taskTplsCache, e.targetCache, e.userCache, event)
+				e.taskTplsCache, e.targetCache, e.userCache, event, "")
 		}
 	}
 }

alert/eval/eval.go

@@ -151,7 +151,7 @@ func (arw *AlertRuleWorker) Eval() {
 		if len(message) == 0 {
 			logger.Infof("rule_eval:%s finished, duration:%v", arw.Key(), time.Since(begin))
 		} else {
-			logger.Infof("rule_eval:%s finished, duration:%v, message:%s", arw.Key(), time.Since(begin), message)
+			logger.Warningf("rule_eval:%s finished, duration:%v, message:%s", arw.Key(), time.Since(begin), message)
 		}
 	}()
 
@@ -186,8 +186,7 @@ func (arw *AlertRuleWorker) Eval() {
 	}
 
 	if err != nil {
-		logger.Errorf("rule_eval:%s get anomaly point err:%s", arw.Key(), err.Error())
-		message = "failed to get anomaly points"
+		message = fmt.Sprintf("failed to get anomaly points: %v", err)
 		return
 	}
 
@@ -286,7 +285,7 @@ func (arw *AlertRuleWorker) GetPromAnomalyPoint(ruleConfig string) ([]models.Ano
 			continue
 		}
 
-		if query.VarEnabled {
+		if query.VarEnabled && strings.Contains(query.PromQl, "$") {
 			var anomalyPoints []models.AnomalyPoint
 			if hasLabelLossAggregator(query) || notExactMatch(query) {
 				// 若有聚合函数或非精确匹配则需要先填充变量然后查询，这个方式效率较低
@@ -1077,15 +1076,15 @@ func exclude(reHashTagIndex1 map[uint64][][]uint64, reHashTagIndex2 map[uint64][
 
 func MakeSeriesMap(series []models.DataResp, seriesTagIndex map[uint64][]uint64, seriesStore map[uint64]models.DataResp) {
 	for i := 0; i < len(series); i++ {
-		serieHash := hash.GetHash(series[i].Metric, series[i].Ref)
+		seriesHash := hash.GetHash(series[i].Metric, series[i].Ref)
 		tagHash := hash.GetTagHash(series[i].Metric)
-		seriesStore[serieHash] = series[i]
+		seriesStore[seriesHash] = series[i]
 
 		// 将曲线按照相同的 tag 分组
 		if _, exists := seriesTagIndex[tagHash]; !exists {
 			seriesTagIndex[tagHash] = make([]uint64, 0)
 		}
-		seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], serieHash)
+		seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], seriesHash)
 	}
 }
 
@@ -1508,15 +1507,15 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 			//  此条日志很重要，是告警判断的现场值
 			logger.Infof("rule_eval rid:%d req:%+v resp:%v", rule.Id, query, series)
 			for i := 0; i < len(series); i++ {
-				serieHash := hash.GetHash(series[i].Metric, series[i].Ref)
+				seriesHash := hash.GetHash(series[i].Metric, series[i].Ref)
 				tagHash := hash.GetTagHash(series[i].Metric)
-				seriesStore[serieHash] = series[i]
+				seriesStore[seriesHash] = series[i]
 
 				// 将曲线按照相同的 tag 分组
 				if _, exists := seriesTagIndex[tagHash]; !exists {
 					seriesTagIndex[tagHash] = make([]uint64, 0)
 				}
-				seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], serieHash)
+				seriesTagIndex[tagHash] = append(seriesTagIndex[tagHash], seriesHash)
 			}
 			ref, err := GetQueryRef(query)
 			if err != nil {
@@ -1550,8 +1549,8 @@ func (arw *AlertRuleWorker) GetAnomalyPoint(rule *models.AlertRule, dsId int64)
 					var ts int64
 					var sample models.DataResp
 					var value float64
-					for _, serieHash := range seriesHash {
-						series, exists := seriesStore[serieHash]
+					for _, seriesHash := range seriesHash {
+						series, exists := seriesStore[seriesHash]
 						if !exists {
 							logger.Warningf("rule_eval rid:%d series:%+v not found", rule.Id, series)
 							continue

alert/mute/mute.go

@@ -1,6 +1,7 @@
 package mute
 
 import (
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -153,13 +154,7 @@ func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int
 
 	// 如果不是全局的，判断 匹配的 datasource id
 	if len(mute.DatasourceIdsJson) != 0 && mute.DatasourceIdsJson[0] != 0 && event.DatasourceId != 0 {
-		idm := make(map[int64]struct{}, len(mute.DatasourceIdsJson))
-		for i := 0; i < len(mute.DatasourceIdsJson); i++ {
-			idm[mute.DatasourceIdsJson[i]] = struct{}{}
-		}
-
-		// 判断 event.datasourceId 是否包含在 idm 中
-		if _, has := idm[event.DatasourceId]; !has {
+		if !slices.Contains(mute.DatasourceIdsJson, event.DatasourceId) {
 			return false, errors.New("datasource id not match")
 		}
 	}
@@ -198,7 +193,7 @@ func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int
 		return false, errors.New("event severity not match mute severity")
 	}
 
-	if mute.ITags == nil || len(mute.ITags) == 0 {
+	if len(mute.ITags) == 0 {
 		return true, nil
 	}
 	if !common.MatchTags(event.TagsMap, mute.ITags) {

alert/naming/heartbeat.go

@@ -115,7 +115,7 @@ func (n *Naming) heartbeat() error {
 		newDatasource[datasourceIds[i]] = struct{}{}
 		servers, err := n.ActiveServers(datasourceIds[i])
 		if err != nil {
-			logger.Warningf("hearbeat %d get active server err:%v", datasourceIds[i], err)
+			logger.Warningf("heartbeat %d get active server err:%v", datasourceIds[i], err)
 			n.astats.CounterHeartbeatErrorTotal.WithLabelValues().Inc()
 			continue
 		}
@@ -148,7 +148,7 @@ func (n *Naming) heartbeat() error {
 
 	servers, err := n.ActiveServersByEngineName()
 	if err != nil {
-		logger.Warningf("hearbeat %d get active server err:%v", HostDatasource, err)
+		logger.Warningf("heartbeat %d get active server err:%v", HostDatasource, err)
 		n.astats.CounterHeartbeatErrorTotal.WithLabelValues().Inc()
 		return nil
 	}

alert/process/process.go

@@ -26,8 +26,6 @@ import (
 	"github.com/toolkits/pkg/str"
 )
 
-type EventMuteHookFunc func(event *models.AlertCurEvent) bool
-
 type ExternalProcessorsType struct {
 	ExternalLock sync.RWMutex
 	Processors   map[string]*Processor
@@ -76,7 +74,6 @@ type Processor struct {
 
 	HandleFireEventHook    HandleEventFunc
 	HandleRecoverEventHook HandleEventFunc
-	EventMuteHook          EventMuteHookFunc
 
 	ScheduleEntry    cron.Entry
 	PromEvalInterval int
@@ -121,7 +118,6 @@ func NewProcessor(engineName string, rule *models.AlertRule, datasourceId int64,
 
 		HandleFireEventHook:    func(event *models.AlertCurEvent) {},
 		HandleRecoverEventHook: func(event *models.AlertCurEvent) {},
-		EventMuteHook:          func(event *models.AlertCurEvent) bool { return false },
 	}
 
 	p.mayHandleGroup()
@@ -135,7 +131,7 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh
 	p.inhibit = inhibit
 	cachedRule := p.alertRuleCache.Get(p.rule.Id)
 	if cachedRule == nil {
-		logger.Errorf("rule not found %+v", anomalyPoints)
+		logger.Warningf("process handle error: rule not found %+v rule_id:%d maybe rule has been deleted", anomalyPoints, p.rule.Id)
 		p.Stats.CounterRuleEvalErrorTotal.WithLabelValues(fmt.Sprintf("%v", p.DatasourceId()), "handle_event", p.BusiGroupCache.GetNameByBusiGroupId(p.rule.GroupId), fmt.Sprintf("%v", p.rule.Id)).Inc()
 		return
 	}
@@ -155,9 +151,19 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh
 		// 如果 event 被 mute 了,本质也是 fire 的状态,这里无论如何都添加到 alertingKeys 中,防止 fire 的事件自动恢复了
 		hash := event.Hash
 		alertingKeys[hash] = struct{}{}
+
+		// event processor
+		eventCopy := event.DeepCopy()
+		event = dispatch.HandleEventPipeline(cachedRule.PipelineConfigs, eventCopy, event, dispatch.EventProcessorCache, p.ctx, cachedRule.Id, "alert_rule")
+		if event == nil {
+			logger.Infof("rule_eval:%s is muted drop by pipeline event:%v", p.Key(), eventCopy)
+			continue
+		}
+
+		// event mute
 		isMuted, detail, muteId := mute.IsMuted(cachedRule, event, p.TargetCache, p.alertMuteCache)
 		if isMuted {
-			logger.Debugf("rule_eval:%s event:%v is muted, detail:%s", p.Key(), event, detail)
+			logger.Infof("rule_eval:%s is muted, detail:%s event:%v", p.Key(), detail, event)
 			p.Stats.CounterMuteTotal.WithLabelValues(
 				fmt.Sprintf("%v", event.GroupName),
 				fmt.Sprintf("%v", p.rule.Id),
@@ -167,8 +173,8 @@ func (p *Processor) Handle(anomalyPoints []models.AnomalyPoint, from string, inh
 			continue
 		}
 
-		if p.EventMuteHook(event) {
-			logger.Debugf("rule_eval:%s event:%v is muted by hook", p.Key(), event)
+		if dispatch.EventMuteHook(event) {
+			logger.Infof("rule_eval:%s is muted by hook event:%v", p.Key(), event)
 			p.Stats.CounterMuteTotal.WithLabelValues(
 				fmt.Sprintf("%v", event.GroupName),
 				fmt.Sprintf("%v", p.rule.Id),

alert/router/router_event.go

@@ -25,6 +25,7 @@ func (rt *Router) pushEventToQueue(c *gin.Context) {
 	if event.RuleId == 0 {
 		ginx.Bomb(200, "event is illegal")
 	}
+	event.FE2DB()
 
 	event.TagsMap = make(map[string]string)
 	for i := 0; i < len(event.TagsJSON); i++ {
@@ -40,7 +41,7 @@ func (rt *Router) pushEventToQueue(c *gin.Context) {
 
 		event.TagsMap[arr[0]] = arr[1]
 	}
-	hit, _ :=  mute.EventMuteStrategy(event, rt.AlertMuteCache)
+	hit, _ := mute.EventMuteStrategy(event, rt.AlertMuteCache)
 	if hit {
 		logger.Infof("event_muted: rule_id=%d %s", event.RuleId, event.Hash)
 		ginx.NewRender(c).Message(nil)

alert/sender/callback.go

@@ -143,7 +143,7 @@ func doSendAndRecord(ctx *ctx.Context, url, token string, body interface{}, chan
 
 func NotifyRecord(ctx *ctx.Context, evts []*models.AlertCurEvent, notifyRuleID int64, channel, target, res string, err error) {
 	// 一个通知可能对应多个 event，都需要记录
-	notis := make([]*models.NotificaitonRecord, 0, len(evts))
+	notis := make([]*models.NotificationRecord, 0, len(evts))
 	for _, evt := range evts {
 		noti := models.NewNotificationRecord(evt, notifyRuleID, channel, target)
 		if err != nil {

alert/sender/email.go

@@ -141,7 +141,7 @@ func updateSmtp(ctx *ctx.Context, ncc *memsto.NotifyConfigCacheType) {
 func startEmailSender(ctx *ctx.Context, smtp aconf.SMTPConfig) {
 	conf := smtp
 	if conf.Host == "" || conf.Port == 0 {
-		logger.Warning("SMTP configurations invalid")
+		logger.Debug("SMTP configurations invalid")
 		<-mailQuit
 		return
 	}

alert/sender/ibex.go

@@ -86,30 +86,33 @@ func (c *IbexCallBacker) handleIbex(ctx *ctx.Context, url string, event *models.
 		return
 	}
 
-	CallIbex(ctx, id, host, c.taskTplCache, c.targetCache, c.userCache, event)
+	CallIbex(ctx, id, host, c.taskTplCache, c.targetCache, c.userCache, event, "")
 }
 
 func CallIbex(ctx *ctx.Context, id int64, host string,
 	taskTplCache *memsto.TaskTplCache, targetCache *memsto.TargetCacheType,
-	userCache *memsto.UserCacheType, event *models.AlertCurEvent) {
-	logger.Infof("event_callback_ibex: id: %d, host: %s, event: %+v", id, host, event)
+	userCache *memsto.UserCacheType, event *models.AlertCurEvent, args string) (int64, error) {
+	logger.Infof("event_callback_ibex: id: %d, host: %s, args: %s, event: %+v", id, host, args, event)
 
 	tpl := taskTplCache.Get(id)
 	if tpl == nil {
-		logger.Errorf("event_callback_ibex: no such tpl(%d), event: %+v", id, event)
-		return
+		err := fmt.Errorf("event_callback_ibex: no such tpl(%d), event: %+v", id, event)
+		logger.Errorf("%s", err)
+		return 0, err
 	}
 	// check perm
 	// tpl.GroupId - host - account 三元组校验权限
-	can, err := canDoIbex(tpl.UpdateBy, tpl, host, targetCache, userCache)
+	can, err := CanDoIbex(tpl.UpdateBy, tpl, host, targetCache, userCache)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: check perm fail: %v, event: %+v", err, event)
-		return
+		err = fmt.Errorf("event_callback_ibex: check perm fail: %v, event: %+v", err, event)
+		logger.Errorf("%s", err)
+		return 0, err
 	}
 
 	if !can {
-		logger.Errorf("event_callback_ibex: user(%s) no permission, event: %+v", tpl.UpdateBy, event)
-		return
+		err = fmt.Errorf("event_callback_ibex: user(%s) no permission, event: %+v", tpl.UpdateBy, event)
+		logger.Errorf("%s", err)
+		return 0, err
 	}
 
 	tagsMap := make(map[string]string)
@@ -133,11 +136,16 @@ func CallIbex(ctx *ctx.Context, id int64, host string,
 
 	tags, err := json.Marshal(tagsMap)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: failed to marshal tags to json: %v, event: %+v", tagsMap, event)
-		return
+		err = fmt.Errorf("event_callback_ibex: failed to marshal tags to json: %v, event: %+v", tagsMap, event)
+		logger.Errorf("%s", err)
+		return 0, err
 	}
 
 	// call ibex
+	taskArgs := tpl.Args
+	if args != "" {
+		taskArgs = args
+	}
 	in := models.TaskForm{
 		Title:          tpl.Title + " FH: " + host,
 		Account:        tpl.Account,
@@ -146,7 +154,7 @@ func CallIbex(ctx *ctx.Context, id int64, host string,
 		Timeout:        tpl.Timeout,
 		Pause:          tpl.Pause,
 		Script:         tpl.Script,
-		Args:           tpl.Args,
+		Args:           taskArgs,
 		Stdin:          string(tags),
 		Action:         "start",
 		Creator:        tpl.UpdateBy,
@@ -156,8 +164,9 @@ func CallIbex(ctx *ctx.Context, id int64, host string,
 
 	id, err = TaskAdd(in, tpl.UpdateBy, ctx.IsCenter)
 	if err != nil {
-		logger.Errorf("event_callback_ibex: call ibex fail: %v, event: %+v", err, event)
-		return
+		err = fmt.Errorf("event_callback_ibex: call ibex fail: %v, event: %+v", err, event)
+		logger.Errorf("%s", err)
+		return 0, err
 	}
 
 	// write db
@@ -178,11 +187,14 @@ func CallIbex(ctx *ctx.Context, id int64, host string,
 	}
 
 	if err = record.Add(ctx); err != nil {
-		logger.Errorf("event_callback_ibex: persist task_record fail: %v, event: %+v", err, event)
+		err = fmt.Errorf("event_callback_ibex: persist task_record fail: %v, event: %+v", err, event)
+		logger.Errorf("%s", err)
+		return id, err
 	}
+	return id, nil
 }
 
-func canDoIbex(username string, tpl *models.TaskTpl, host string, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType) (bool, error) {
+func CanDoIbex(username string, tpl *models.TaskTpl, host string, targetCache *memsto.TargetCacheType, userCache *memsto.UserCacheType) (bool, error) {
 	user := userCache.GetByUsername(username)
 	if user != nil && user.IsAdmin() {
 		return true, nil

alert/sender/notify_record_queue.go

@@ -24,7 +24,7 @@ func ReportNotifyRecordQueueSize(stats *astats.Stats) {
 
 // 推送通知记录到队列
 // 若队列满 则返回 error
-func PushNotifyRecords(records []*models.NotificaitonRecord) error {
+func PushNotifyRecords(records []*models.NotificationRecord) error {
 	for _, record := range records {
 		if ok := NotifyRecordQueue.PushFront(record); !ok {
 			logger.Warningf("notify record queue is full, record: %+v", record)
@@ -59,16 +59,16 @@ func (c *NotifyRecordConsumer) LoopConsume() {
 		}
 
 		// 类型转换，不然 CreateInBatches 会报错
-		notis := make([]*models.NotificaitonRecord, 0, len(inotis))
+		notis := make([]*models.NotificationRecord, 0, len(inotis))
 		for _, inoti := range inotis {
-			notis = append(notis, inoti.(*models.NotificaitonRecord))
+			notis = append(notis, inoti.(*models.NotificationRecord))
 		}
 
 		c.consume(notis)
 	}
 }
 
-func (c *NotifyRecordConsumer) consume(notis []*models.NotificaitonRecord) {
+func (c *NotifyRecordConsumer) consume(notis []*models.NotificationRecord) {
 	if err := models.DB(c.ctx).CreateInBatches(notis, 100).Error; err != nil {
 		logger.Errorf("add notis:%v failed, err: %v", notis, err)
 	}

alert/sender/plugin.go

@@ -35,7 +35,7 @@ func alertingCallScript(ctx *ctx.Context, stdinBytes []byte, notifyScript models
 
 	channel := "script"
 	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
-	fpath := ".notify_scriptt"
+	fpath := ".notify_script"
 	if config.Type == 1 {
 		fpath = config.Content
 	} else {

alert/sender/webhook.go

@@ -13,10 +13,53 @@ import (
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/poster"
 
 	"github.com/toolkits/pkg/logger"
 )
 
+// webhookClientCache 缓存 http.Client，避免每次请求都创建新的 Client 导致连接泄露
+var webhookClientCache sync.Map // key: clientKey (string), value: *http.Client
+
+// 相同配置的 webhook 会复用同一个 Client
+func getWebhookClient(webhook *models.Webhook) *http.Client {
+	clientKey := webhook.Hash()
+
+	if client, ok := webhookClientCache.Load(clientKey); ok {
+		return client.(*http.Client)
+	}
+
+	// 创建新的 Client
+	transport := &http.Transport{
+		TLSClientConfig:     &tls.Config{InsecureSkipVerify: webhook.SkipVerify},
+		MaxIdleConns:        100,
+		MaxIdleConnsPerHost: 10,
+		IdleConnTimeout:     90 * time.Second,
+	}
+
+	if poster.UseProxy(webhook.Url) {
+		transport.Proxy = http.ProxyFromEnvironment
+	}
+
+	timeout := webhook.Timeout
+	if timeout <= 0 {
+		timeout = 10
+	}
+
+	newClient := &http.Client{
+		Timeout:   time.Duration(timeout) * time.Second,
+		Transport: transport,
+	}
+
+	// 使用 LoadOrStore 确保并发安全，避免重复创建
+	actual, loaded := webhookClientCache.LoadOrStore(clientKey, newClient)
+	if loaded {
+		return actual.(*http.Client)
+	}
+
+	return newClient
+}
+
 func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats) (bool, string, error) {
 	channel := "webhook"
 	if webhook.Type == models.RuleCallback {
@@ -37,7 +80,7 @@ func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats
 
 	req, err := http.NewRequest("POST", conf.Url, bf)
 	if err != nil {
-		logger.Warningf("%s alertingWebhook failed to new reques event:%s err:%v", channel, string(bs), err)
+		logger.Warningf("%s alertingWebhook failed to new request event:%s err:%v", channel, string(bs), err)
 		return true, "", err
 	}
 
@@ -55,25 +98,13 @@ func sendWebhook(webhook *models.Webhook, event interface{}, stats *astats.Stats
 			req.Header.Set(conf.Headers[i], conf.Headers[i+1])
 		}
 	}
-	insecureSkipVerify := false
-	if webhook != nil {
-		insecureSkipVerify = webhook.SkipVerify
-	}
-
-	if conf.Client == nil {
-		logger.Warningf("event_%s, event:%s, url: [%s], error: [%s]", channel, string(bs), conf.Url, "client is nil")
-		conf.Client = &http.Client{
-			Timeout: time.Duration(conf.Timeout) * time.Second,
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: insecureSkipVerify},
-			},
-		}
-	}
+	// 使用全局 Client 缓存，避免每次请求都创建新的 Client 导致连接泄露
+	client := getWebhookClient(conf)
 
 	stats.AlertNotifyTotal.WithLabelValues(channel).Inc()
 	var resp *http.Response
 	var body []byte
-	resp, err = conf.Client.Do(req)
+	resp, err = client.Do(req)
 
 	if err != nil {
 		stats.AlertNotifyErrorTotal.WithLabelValues(channel).Inc()

center/cconf/conf.go

@@ -1,6 +1,10 @@
 package cconf
 
-import "time"
+import (
+	"time"
+
+	"github.com/ccfos/nightingale/v6/pkg/httpx"
+)
 
 type Center struct {
 	Plugins                []Plugin
@@ -15,6 +19,7 @@ type Center struct {
 	EventHistoryGroupView  bool
 	CleanNotifyRecordDay   int
 	MigrateBusiGroupLabel  bool
+	RSA                    httpx.RSAConfig
 }
 
 type Plugin struct {

center/cconf/plugin.go

@@ -55,4 +55,10 @@ var Plugins = []Plugin{
 		Type:     "opensearch",
 		TypeName: "OpenSearch",
 	},
+	{
+		Id:       10,
+		Category: "logging",
+		Type:     "victorialogs",
+		TypeName: "VictoriaLogs",
+	},
 }

center/center.go

@@ -2,10 +2,13 @@ package center
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 
 	"github.com/ccfos/nightingale/v6/dscache"
 
+	"github.com/toolkits/pkg/logger"
+
 	"github.com/ccfos/nightingale/v6/alert"
 	"github.com/ccfos/nightingale/v6/alert/astats"
 	"github.com/ccfos/nightingale/v6/alert/dispatch"
@@ -96,6 +99,9 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 		models.MigrateEP(ctx)
 	}
 
+	// 初始化 siteUrl，如果为空则设置默认值
+	InitSiteUrl(ctx, config.Alert.Heartbeat.IP, config.HTTP.Port)
+
 	configCache := memsto.NewConfigCache(ctx, syncStats, config.HTTP.RSA.RSAPrivateKey, config.HTTP.RSA.RSAPassWord)
 	busiGroupCache := memsto.NewBusiGroupCache(ctx, syncStats)
 	targetCache := memsto.NewTargetCache(ctx, syncStats, redis)
@@ -121,7 +127,7 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 
 	macros.RegisterMacro(macros.MacroInVain)
 	dscache.Init(ctx, false)
-	alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache)
+	alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache, alertRuleCache, notifyConfigCache, taskTplCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, configCvalCache)
 
 	writers := writer.NewWriters(config.Pushgw)
 
@@ -159,3 +165,67 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 		httpClean()
 	}, nil
 }
+
+// initSiteUrl 初始化 site_info 中的 site_url，如果为空则使用服务器IP和端口设置默认值
+func InitSiteUrl(ctx *ctx.Context, serverIP string, serverPort int) {
+	// 构造默认的 SiteUrl
+	defaultSiteUrl := fmt.Sprintf("http://%s:%d", serverIP, serverPort)
+
+	// 获取现有的 site_info 配置
+	siteInfoStr, err := models.ConfigsGet(ctx, "site_info")
+	if err != nil {
+		logger.Errorf("failed to get site_info config: %v", err)
+		return
+	}
+
+	// 如果 site_info 不存在，创建新的
+	if siteInfoStr == "" {
+		newSiteInfo := memsto.SiteInfo{
+			SiteUrl: defaultSiteUrl,
+		}
+		siteInfoBytes, err := json.Marshal(newSiteInfo)
+		if err != nil {
+			logger.Errorf("failed to marshal site_info: %v", err)
+			return
+		}
+
+		err = models.ConfigsSet(ctx, "site_info", string(siteInfoBytes))
+		if err != nil {
+			logger.Errorf("failed to set site_info: %v", err)
+			return
+		}
+
+		logger.Infof("initialized site_url with default value: %s", defaultSiteUrl)
+		return
+	}
+
+	// 检查现有的 site_info 中的 site_url 字段
+	var existingSiteInfo memsto.SiteInfo
+	err = json.Unmarshal([]byte(siteInfoStr), &existingSiteInfo)
+	if err != nil {
+		logger.Errorf("failed to unmarshal site_info: %v", err)
+		return
+	}
+
+	// 如果 site_url 已经有值，则不需要初始化
+	if existingSiteInfo.SiteUrl != "" {
+		return
+	}
+
+	// 设置 site_url
+	existingSiteInfo.SiteUrl = defaultSiteUrl
+
+	siteInfoBytes, err := json.Marshal(existingSiteInfo)
+	if err != nil {
+		logger.Errorf("failed to marshal updated site_info: %v", err)
+		return
+	}
+
+	err = models.ConfigsSet(ctx, "site_info", string(siteInfoBytes))
+	if err != nil {
+		logger.Errorf("failed to update site_info: %v", err)
+		return
+	}
+
+	logger.Infof("initialized site_url with default value: %s", defaultSiteUrl)
+}

center/integration/init.go

@@ -22,7 +22,7 @@ const SYSTEM = "system"
 var BuiltinPayloadInFile *BuiltinPayloadInFileType
 
 type BuiltinPayloadInFileType struct {
-	Data      map[uint64]map[string]map[string][]*models.BuiltinPayload // map[componet_id]map[type]map[cate][]*models.BuiltinPayload
+	Data      map[uint64]map[string]map[string][]*models.BuiltinPayload // map[component_id]map[type]map[cate][]*models.BuiltinPayload
 	IndexData map[int64]*models.BuiltinPayload                          // map[uuid]payload
 
 	BuiltinMetrics map[string]*models.BuiltinMetric
@@ -124,13 +124,13 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 			component.ID = old.ID
 		}
 
-		// delete uuid is emtpy
+		// delete uuid is empty
 		err = models.DB(ctx).Exec("delete from builtin_payloads where uuid = 0 and type != 'collect' and (updated_by = 'system' or updated_by = '')").Error
 		if err != nil {
 			logger.Warning("delete builtin payloads fail ", err)
 		}
 
-		// delete builtin metrics uuid is emtpy
+		// delete builtin metrics uuid is empty
 		err = models.DB(ctx).Exec("delete from builtin_metrics where uuid = 0 and (updated_by = 'system' or updated_by = '')").Error
 		if err != nil {
 			logger.Warning("delete builtin metrics fail ", err)
@@ -239,6 +239,7 @@ func Init(ctx *ctx.Context, builtinIntegrationsDir string) {
 					Cate:        "",
 					Name:        dashboard.Name,
 					Tags:        dashboard.Tags,
+					Note:        dashboard.Note,
 					Content:     string(content),
 					UUID:        dashboard.UUID,
 					ID:          dashboard.UUID,
@@ -293,6 +294,7 @@ type BuiltinBoard struct {
 	Name       string      `json:"name"`
 	Ident      string      `json:"ident"`
 	Tags       string      `json:"tags"`
+	Note       string      `json:"note"`
 	CreateAt   int64       `json:"create_at"`
 	CreateBy   string      `json:"create_by"`
 	UpdateAt   int64       `json:"update_at"`
@@ -331,6 +333,30 @@ func (b *BuiltinPayloadInFileType) AddBuiltinPayload(bp *models.BuiltinPayload)
 	b.IndexData[bp.UUID] = bp
 }
 
+func (b *BuiltinPayloadInFileType) GetComponentIdentByCate(typ, cate string) string {
+
+	for _, source := range b.Data {
+		if source == nil {
+			continue
+		}
+
+		typeMap, exists := source[typ]
+		if !exists {
+			continue
+		}
+
+		payloads, exists := typeMap[cate]
+		if !exists {
+			continue
+		}
+
+		if len(payloads) > 0 {
+			return payloads[0].Component
+		}
+	}
+	return ""
+}
+
 func (b *BuiltinPayloadInFileType) GetBuiltinPayload(typ, cate, query string, componentId uint64) ([]*models.BuiltinPayload, error) {
 
 	var result []*models.BuiltinPayload
@@ -593,7 +619,7 @@ func convertBuiltinMetricByDB(metricsInDB []*models.BuiltinMetric) map[string]*m
 		})
 
 		currentBuiltinMetric := builtinMetrics[0]
-		// User have no customed translation, so we can merge it
+		// User has no customized translation, so we can merge it
 		if len(currentBuiltinMetric.Translation) == 0 {
 			translationMap := make(map[string]models.Translation)
 			for _, bm := range builtinMetrics {

center/router/router.go

@@ -211,8 +211,8 @@ func (rt *Router) Config(r *gin.Engine) {
 			pages.GET("/datasource/brief", rt.auth(), rt.user(), rt.datasourceBriefs)
 			pages.POST("/datasource/query", rt.auth(), rt.user(), rt.datasourceQuery)
 
-			pages.POST("/ds-query", rt.auth(), rt.QueryData)
-			pages.POST("/logs-query", rt.auth(), rt.QueryLogV2)
+			pages.POST("/ds-query", rt.auth(), rt.user(), rt.QueryData)
+			pages.POST("/logs-query", rt.auth(), rt.user(), rt.QueryLogV2)
 
 			pages.POST("/tdengine-databases", rt.auth(), rt.tdengineDatabases)
 			pages.POST("/tdengine-tables", rt.auth(), rt.tdengineTables)
@@ -250,9 +250,11 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/auth/redirect", rt.loginRedirect)
 		pages.GET("/auth/redirect/cas", rt.loginRedirectCas)
 		pages.GET("/auth/redirect/oauth", rt.loginRedirectOAuth)
+		pages.GET("/auth/redirect/dingtalk", rt.loginRedirectDingTalk)
 		pages.GET("/auth/callback", rt.loginCallback)
 		pages.GET("/auth/callback/cas", rt.loginCallbackCas)
 		pages.GET("/auth/callback/oauth", rt.loginCallbackOAuth)
+		pages.GET("/auth/callback/dingtalk", rt.loginCallbackDingTalk)
 		pages.GET("/auth/perms", rt.allPerms)
 
 		pages.GET("/metrics/desc", rt.metricsDescGetFile)
@@ -316,6 +318,7 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/busi-groups/tags", rt.auth(), rt.user(), rt.busiGroupsGetTags)
 
 		pages.GET("/targets", rt.auth(), rt.user(), rt.targetGets)
+		pages.POST("/target-update", rt.auth(), rt.targetUpdate)
 		pages.GET("/target/extra-meta", rt.auth(), rt.user(), rt.targetExtendInfoByIdent)
 		pages.POST("/target/list", rt.auth(), rt.user(), rt.targetGetsByHostFilter)
 		pages.DELETE("/targets", rt.auth(), rt.user(), rt.perm("/targets/del"), rt.targetDel)
@@ -543,6 +546,9 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/notify-rule/custom-params", rt.auth(), rt.user(), rt.perm("/notification-rules"), rt.notifyRuleCustomParamsGet)
 		pages.POST("/notify-rule/event-pipelines-tryrun", rt.auth(), rt.user(), rt.perm("/notification-rules/add"), rt.tryRunEventProcessorByNotifyRule)
 
+		pages.GET("/event-tagkeys", rt.auth(), rt.user(), rt.eventTagKeys)
+		pages.GET("/event-tagvalues", rt.auth(), rt.user(), rt.eventTagValues)
+
 		// 事件Pipeline相关路由
 		pages.GET("/event-pipelines", rt.auth(), rt.user(), rt.perm("/event-pipelines"), rt.eventPipelinesList)
 		pages.POST("/event-pipeline", rt.auth(), rt.user(), rt.perm("/event-pipelines/add"), rt.addEventPipeline)
@@ -559,8 +565,18 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.GET("/notify-channel-configs", rt.auth(), rt.user(), rt.perm("/notification-channels"), rt.notifyChannelsGet)
 		pages.GET("/simplified-notify-channel-configs", rt.notifyChannelsGetForNormalUser)
 		pages.GET("/flashduty-channel-list/:id", rt.auth(), rt.user(), rt.flashDutyNotifyChannelsGet)
+		pages.GET("/pagerduty-integration-key/:id/:service_id/:integration_id", rt.auth(), rt.user(), rt.pagerDutyIntegrationKeyGet)
+		pages.GET("/pagerduty-service-list/:id", rt.auth(), rt.user(), rt.pagerDutyNotifyServicesGet)
 		pages.GET("/notify-channel-config", rt.auth(), rt.user(), rt.notifyChannelGetBy)
 		pages.GET("/notify-channel-config/idents", rt.notifyChannelIdentsGet)
+
+		// saved view 查询条件保存相关路由
+		pages.GET("/saved-views", rt.auth(), rt.user(), rt.savedViewGets)
+		pages.POST("/saved-views", rt.auth(), rt.user(), rt.savedViewAdd)
+		pages.PUT("/saved-view/:id", rt.auth(), rt.user(), rt.savedViewPut)
+		pages.DELETE("/saved-view/:id", rt.auth(), rt.user(), rt.savedViewDel)
+		pages.POST("/saved-view/:id/favorite", rt.auth(), rt.user(), rt.savedViewFavoriteAdd)
+		pages.DELETE("/saved-view/:id/favorite", rt.auth(), rt.user(), rt.savedViewFavoriteDel)
 	}
 
 	r.GET("/api/n9e/versions", func(c *gin.Context) {
@@ -617,6 +633,7 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/busi-groups", rt.busiGroupGetsByService)
 
 			service.GET("/datasources", rt.datasourceGetsByService)
+			service.GET("/datasource-rsa-config", rt.datasourceRsaConfigGet)
 			service.GET("/datasource-ids", rt.getDatasourceIds)
 			service.POST("/server-heartbeat", rt.serverHeartbeat)
 			service.GET("/servers-active", rt.serversActive)
@@ -624,6 +641,7 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/recording-rules", rt.recordingRuleGetsByService)
 
 			service.GET("/alert-mutes", rt.alertMuteGets)
+			service.GET("/active-alert-mutes", rt.activeAlertMuteGets)
 			service.POST("/alert-mutes", rt.alertMuteAddByService)
 			service.DELETE("/alert-mutes", rt.alertMuteDel)
 
@@ -672,6 +690,14 @@ func (rt *Router) Config(r *gin.Engine) {
 			service.GET("/message-templates", rt.messageTemplateGets)
 
 			service.GET("/event-pipelines", rt.eventPipelinesListByService)
+
+			// 手机号加密存储配置接口
+			service.POST("/users/phone/encrypt", rt.usersPhoneEncrypt)
+			service.POST("/users/phone/decrypt", rt.usersPhoneDecrypt)
+			service.POST("/users/phone/refresh-encryption-config", rt.usersPhoneDecryptRefresh)
+
+			service.GET("/builtin-components", rt.builtinComponentsGets)
+			service.GET("/builtin-payloads", rt.builtinPayloadsGets)
 		}
 	}
 

center/router/router_alert_cur_event.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/logger"
 )
 
 func getUserGroupIds(ctx *gin.Context, rt *Router, myGroups bool) ([]int64, error) {
@@ -263,11 +264,11 @@ func GetCurEventDetail(ctx *ctx.Context, eid int64) (*models.AlertCurEvent, erro
 	event.NotifyVersion, err = GetEventNotifyVersion(ctx, event.RuleId, event.NotifyRuleIds)
 	ginx.Dangerous(err)
 
-	event.NotifyRules, err = GetEventNorifyRuleNames(ctx, event.NotifyRuleIds)
+	event.NotifyRules, err = GetEventNotifyRuleNames(ctx, event.NotifyRuleIds)
 	return event, err
 }
 
-func GetEventNorifyRuleNames(ctx *ctx.Context, notifyRuleIds []int64) ([]*models.EventNotifyRule, error) {
+func GetEventNotifyRuleNames(ctx *ctx.Context, notifyRuleIds []int64) ([]*models.EventNotifyRule, error) {
 	notifyRuleNames := make([]*models.EventNotifyRule, 0)
 	notifyRules, err := models.NotifyRulesGet(ctx, "id in ?", notifyRuleIds)
 	if err != nil {
@@ -305,3 +306,123 @@ func (rt *Router) alertCurEventDelByHash(c *gin.Context) {
 	hash := ginx.QueryStr(c, "hash")
 	ginx.NewRender(c).Message(models.AlertCurEventDelByHash(rt.Ctx, hash))
 }
+
+func (rt *Router) eventTagKeys(c *gin.Context) {
+	// 获取最近1天的活跃告警事件
+	now := time.Now().Unix()
+	stime := now - 24*3600
+	etime := now
+
+	// 获取用户可见的业务组ID列表
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, false)
+	if err != nil {
+		logger.Warningf("failed to get business group ids: %v", err)
+		ginx.NewRender(c).Data([]string{"ident", "app", "service", "instance"}, nil)
+		return
+	}
+
+	// 查询活跃告警事件，限制数量以提高性能
+	events, err := models.AlertCurEventsGet(rt.Ctx, []string{}, bgids, stime, etime, []int64{}, []int64{}, []string{}, 0, "", 200, 0, []int64{})
+	if err != nil {
+		logger.Warningf("failed to get current alert events: %v", err)
+		ginx.NewRender(c).Data([]string{"ident", "app", "service", "instance"}, nil)
+		return
+	}
+
+	// 如果没有查到事件，返回默认标签
+	if len(events) == 0 {
+		ginx.NewRender(c).Data([]string{"ident", "app", "service", "instance"}, nil)
+		return
+	}
+
+	// 收集所有标签键并去重
+	tagKeys := make(map[string]struct{})
+	for _, event := range events {
+		for key := range event.TagsMap {
+			tagKeys[key] = struct{}{}
+		}
+	}
+
+	// 转换为字符串切片
+	var result []string
+	for key := range tagKeys {
+		result = append(result, key)
+	}
+
+	// 如果没有收集到任何标签键，返回默认值
+	if len(result) == 0 {
+		result = []string{"ident", "app", "service", "instance"}
+	}
+
+	ginx.NewRender(c).Data(result, nil)
+}
+
+func (rt *Router) eventTagValues(c *gin.Context) {
+	// 获取标签key
+	tagKey := ginx.QueryStr(c, "key")
+
+	// 获取最近1天的活跃告警事件
+	now := time.Now().Unix()
+	stime := now - 24*3600
+	etime := now
+
+	// 获取用户可见的业务组ID列表
+	bgids, err := GetBusinessGroupIds(c, rt.Ctx, rt.Center.EventHistoryGroupView, false)
+	if err != nil {
+		logger.Warningf("failed to get business group ids: %v", err)
+		ginx.NewRender(c).Data([]string{}, nil)
+		return
+	}
+
+	// 查询活跃告警事件，获取更多数据以保证统计准确性
+	events, err := models.AlertCurEventsGet(rt.Ctx, []string{}, bgids, stime, etime, []int64{}, []int64{}, []string{}, 0, "", 1000, 0, []int64{})
+	if err != nil {
+		logger.Warningf("failed to get current alert events: %v", err)
+		ginx.NewRender(c).Data([]string{}, nil)
+		return
+	}
+
+	// 如果没有查到事件，返回空数组
+	if len(events) == 0 {
+		ginx.NewRender(c).Data([]string{}, nil)
+		return
+	}
+
+	// 统计标签值出现次数
+	valueCount := make(map[string]int)
+	for _, event := range events {
+		// TagsMap已经在AlertCurEventsGet中处理，直接使用
+		if value, exists := event.TagsMap[tagKey]; exists && value != "" {
+			valueCount[value]++
+		}
+	}
+
+	// 转换为切片并按出现次数降序排序
+	type tagValue struct {
+		value string
+		count int
+	}
+
+	tagValues := make([]tagValue, 0, len(valueCount))
+	for value, count := range valueCount {
+		tagValues = append(tagValues, tagValue{value, count})
+	}
+
+	// 按出现次数降序排序
+	sort.Slice(tagValues, func(i, j int) bool {
+		return tagValues[i].count > tagValues[j].count
+	})
+
+	// 只取Top20并转换为字符串数组
+	limit := 20
+	if len(tagValues) < limit {
+		limit = len(tagValues)
+	}
+
+	result := make([]string, 0, limit)
+	for i := 0; i < limit; i++ {
+		result = append(result, tagValues[i].value)
+	}
+
+	ginx.NewRender(c).Data(result, nil)
+}

center/router/router_alert_his_event.go

@@ -62,11 +62,11 @@ func (rt *Router) alertHisEventsList(c *gin.Context) {
 	ginx.Dangerous(err)
 
 	total, err := models.AlertHisEventTotal(rt.Ctx, prods, bgids, stime, etime, severity,
-		recovered, dsIds, cates, ruleId, query)
+		recovered, dsIds, cates, ruleId, query, []int64{})
 	ginx.Dangerous(err)
 
 	list, err := models.AlertHisEventGets(rt.Ctx, prods, bgids, stime, etime, severity, recovered,
-		dsIds, cates, ruleId, query, limit, ginx.Offset(c, limit))
+		dsIds, cates, ruleId, query, limit, ginx.Offset(c, limit), []int64{})
 	ginx.Dangerous(err)
 
 	cache := make(map[int64]*models.UserGroup)
@@ -115,7 +115,18 @@ func (rt *Router) alertHisEventsDelete(c *gin.Context) {
 			time.Sleep(100 * time.Millisecond) // 防止锁表
 		}
 	}()
-	ginx.NewRender(c).Message("Alert history events deletion started")
+	ginx.NewRender(c).Data("Alert history events deletion started", nil)
+}
+
+var TransferEventToCur func(*ctx.Context, *models.AlertHisEvent) *models.AlertCurEvent
+
+func init() {
+	TransferEventToCur = transferEventToCur
+}
+
+func transferEventToCur(ctx *ctx.Context, event *models.AlertHisEvent) *models.AlertCurEvent {
+	cur := event.ToCur()
+	return cur
 }
 
 func (rt *Router) alertHisEventGet(c *gin.Context) {
@@ -141,8 +152,8 @@ func (rt *Router) alertHisEventGet(c *gin.Context) {
 	event.NotifyVersion, err = GetEventNotifyVersion(rt.Ctx, event.RuleId, event.NotifyRuleIds)
 	ginx.Dangerous(err)
 
-	event.NotifyRules, err = GetEventNorifyRuleNames(rt.Ctx, event.NotifyRuleIds)
-	ginx.NewRender(c).Data(event, err)
+	event.NotifyRules, err = GetEventNotifyRuleNames(rt.Ctx, event.NotifyRuleIds)
+	ginx.NewRender(c).Data(TransferEventToCur(rt.Ctx, event), err)
 }
 
 func GetBusinessGroupIds(c *gin.Context, ctx *ctx.Context, onlySelfGroupView bool, myGroups bool) ([]int64, error) {

center/router/router_alert_rule.go

@@ -35,13 +35,12 @@ func (rt *Router) alertRuleGets(c *gin.Context) {
 		cache := make(map[int64]*models.UserGroup)
 		for i := 0; i < len(ars); i++ {
 			ars[i].FillNotifyGroups(rt.Ctx, cache)
-			ars[i].FillSeverities()
 		}
 	}
 	ginx.NewRender(c).Data(ars, err)
 }
 
-func getAlertCueEventTimeRange(c *gin.Context) (stime, etime int64) {
+func GetAlertCueEventTimeRange(c *gin.Context) (stime, etime int64) {
 	stime = ginx.QueryInt64(c, "stime", 0)
 	etime = ginx.QueryInt64(c, "etime", 0)
 	if etime == 0 {
@@ -80,7 +79,6 @@ func (rt *Router) alertRuleGetsByGids(c *gin.Context) {
 		names := make([]string, 0, len(ars))
 		for i := 0; i < len(ars); i++ {
 			ars[i].FillNotifyGroups(rt.Ctx, cache)
-			ars[i].FillSeverities()
 
 			if len(ars[i].DatasourceQueries) != 0 {
 				ars[i].DatasourceIdsJson = rt.DatasourceCache.GetIDsByDsCateAndQueries(ars[i].Cate, ars[i].DatasourceQueries)
@@ -90,7 +88,7 @@ func (rt *Router) alertRuleGetsByGids(c *gin.Context) {
 			names = append(names, ars[i].UpdateBy)
 		}
 
-		stime, etime := getAlertCueEventTimeRange(c)
+		stime, etime := GetAlertCueEventTimeRange(c)
 		cnt := models.AlertCurEventCountByRuleId(rt.Ctx, rids, stime, etime)
 		if cnt != nil {
 			for i := 0; i < len(ars); i++ {

center/router/router_board.go

@@ -17,6 +17,7 @@ type boardForm struct {
 	Name       string  `json:"name"`
 	Ident      string  `json:"ident"`
 	Tags       string  `json:"tags"`
+	Note       string  `json:"note"`
 	Configs    string  `json:"configs"`
 	Public     int     `json:"public"`
 	PublicCate int     `json:"public_cate"`
@@ -34,6 +35,7 @@ func (rt *Router) boardAdd(c *gin.Context) {
 		Name:     f.Name,
 		Ident:    f.Ident,
 		Tags:     f.Tags,
+		Note:     f.Note,
 		Configs:  f.Configs,
 		CreateBy: me.Username,
 		UpdateBy: me.Username,
@@ -115,6 +117,10 @@ func (rt *Router) boardPureGet(c *gin.Context) {
 		ginx.Bomb(http.StatusNotFound, "No such dashboard")
 	}
 
+	// 清除创建者和更新者信息
+	board.CreateBy = ""
+	board.UpdateBy = ""
+
 	ginx.NewRender(c).Data(board, nil)
 }
 
@@ -180,10 +186,11 @@ func (rt *Router) boardPut(c *gin.Context) {
 	bo.Name = f.Name
 	bo.Ident = f.Ident
 	bo.Tags = f.Tags
+	bo.Note = f.Note
 	bo.UpdateBy = me.Username
 	bo.UpdateAt = time.Now().Unix()
 
-	err = bo.Update(rt.Ctx, "name", "ident", "tags", "update_by", "update_at")
+	err = bo.Update(rt.Ctx, "name", "ident", "tags", "note", "update_by", "update_at")
 	ginx.NewRender(c).Data(bo, err)
 }
 

center/router/router_builtin_metrics.go

@@ -50,7 +50,7 @@ func (rt *Router) builtinMetricsGets(c *gin.Context) {
 		lang = "zh_CN"
 	}
 
-	bmInDB, err := models.BuiltinMetricGets(rt.Ctx, "", collector, typ, query, unit, limit, ginx.Offset(c, limit))
+	bmInDB, err := models.BuiltinMetricGets(rt.Ctx, "", collector, typ, query, unit)
 	ginx.Dangerous(err)
 
 	bm, total, err := integration.BuiltinPayloadInFile.BuiltinMetricGets(bmInDB, lang, collector, typ, query, unit, limit, ginx.Offset(c, limit))

center/router/router_builtin_payload.go

@@ -19,6 +19,7 @@ type Board struct {
 	Tags    string      `json:"tags"`
 	Configs interface{} `json:"configs"`
 	UUID    int64       `json:"uuid"`
+	Note    string      `json:"note"`
 }
 
 func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
@@ -129,6 +130,7 @@ func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
 						Name:        dashboard.Name,
 						Tags:        dashboard.Tags,
 						UUID:        dashboard.UUID,
+						Note:        dashboard.Note,
 						Content:     string(contentBytes),
 						CreatedBy:   username,
 						UpdatedBy:   username,
@@ -164,6 +166,7 @@ func (rt *Router) builtinPayloadsAdd(c *gin.Context) {
 				Name:        dashboard.Name,
 				Tags:        dashboard.Tags,
 				UUID:        dashboard.UUID,
+				Note:        dashboard.Note,
 				Content:     string(contentBytes),
 				CreatedBy:   username,
 				UpdatedBy:   username,
@@ -275,6 +278,7 @@ func (rt *Router) builtinPayloadsPut(c *gin.Context) {
 
 		req.Name = dashboard.Name
 		req.Tags = dashboard.Tags
+		req.Note = dashboard.Note
 	} else if req.Type == "collect" {
 		c := make(map[string]interface{})
 		if _, err := toml.Decode(req.Content, &c); err != nil {

center/router/router_datasource.go

@@ -1,17 +1,20 @@
 package router
 
 import (
+	"context"
 	"crypto/tls"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
+	"time"
 
 	"github.com/ccfos/nightingale/v6/datasource/opensearch"
+	"github.com/ccfos/nightingale/v6/dskit/clickhouse"
 	"github.com/ccfos/nightingale/v6/models"
-
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
@@ -50,9 +53,41 @@ func (rt *Router) datasourceList(c *gin.Context) {
 func (rt *Router) datasourceGetsByService(c *gin.Context) {
 	typ := ginx.QueryStr(c, "typ", "")
 	lst, err := models.GetDatasourcesGetsBy(rt.Ctx, typ, "", "", "")
+
+	openRsa := rt.Center.RSA.OpenRSA
+	for _, item := range lst {
+		if err := item.Encrypt(openRsa, rt.HTTP.RSA.RSAPublicKey); err != nil {
+			logger.Errorf("datasource %+v encrypt failed: %v", item, err)
+			continue
+		}
+	}
 	ginx.NewRender(c).Data(lst, err)
 }
 
+func (rt *Router) datasourceRsaConfigGet(c *gin.Context) {
+	if rt.Center.RSA.OpenRSA {
+		publicKey := ""
+		privateKey := ""
+		if len(rt.HTTP.RSA.RSAPublicKey) > 0 {
+			publicKey = base64.StdEncoding.EncodeToString(rt.HTTP.RSA.RSAPublicKey)
+		}
+		if len(rt.HTTP.RSA.RSAPrivateKey) > 0 {
+			privateKey = base64.StdEncoding.EncodeToString(rt.HTTP.RSA.RSAPrivateKey)
+		}
+		logger.Debugf("OpenRSA=%v", rt.Center.RSA.OpenRSA)
+		ginx.NewRender(c).Data(models.RsaConfig{
+			OpenRSA:       rt.Center.RSA.OpenRSA,
+			RSAPublicKey:  publicKey,
+			RSAPrivateKey: privateKey,
+			RSAPassWord:   rt.HTTP.RSA.RSAPassWord,
+		}, nil)
+	} else {
+		ginx.NewRender(c).Data(models.RsaConfig{
+			OpenRSA: rt.Center.RSA.OpenRSA,
+		}, nil)
+	}
+}
+
 func (rt *Router) datasourceBriefs(c *gin.Context) {
 	var dss []*models.Datasource
 	list, err := models.GetDatasourcesGetsBy(rt.Ctx, "", "", "", "")
@@ -153,6 +188,79 @@ func (rt *Router) datasourceUpsert(c *gin.Context) {
 		}
 	}
 
+	if req.PluginType == models.CLICKHOUSE {
+		b, err := json.Marshal(req.SettingsJson)
+		if err != nil {
+			logger.Warningf("marshal clickhouse settings failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+
+		var ckConfig clickhouse.Clickhouse
+		err = json.Unmarshal(b, &ckConfig)
+		if err != nil {
+			logger.Warningf("unmarshal clickhouse settings failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+		// 检查ckconfig的nodes不应该以http://或https://开头
+		for _, addr := range ckConfig.Nodes {
+			if strings.HasPrefix(addr, "http://") || strings.HasPrefix(addr, "https://") {
+				err = fmt.Errorf("clickhouse node address should not start with http:// or https:// : %s", addr)
+				logger.Warningf("clickhouse node address invalid: %v", err)
+				Dangerous(c, err)
+				return
+			}
+		}
+
+		// InitCli 会自动检测并选择 HTTP 或 Native 协议
+		err = ckConfig.InitCli()
+		if err != nil {
+			logger.Warningf("clickhouse connection failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+
+		// 执行 SHOW DATABASES 测试连通性
+		_, err = ckConfig.ShowDatabases(context.Background())
+		if err != nil {
+			logger.Warningf("clickhouse test query failed: %v", err)
+			Dangerous(c, err)
+			return
+		}
+	}
+
+	if req.PluginType == models.ELASTICSEARCH {
+		skipAuto := false
+		// 若用户输入了version（version字符串存在且不为空），则不自动获取
+		if req.SettingsJson != nil {
+			if v, ok := req.SettingsJson["version"]; ok {
+				switch vv := v.(type) {
+				case string:
+					if strings.TrimSpace(vv) != "" {
+						skipAuto = true
+					}
+				default:
+					if strings.TrimSpace(fmt.Sprint(vv)) != "" {
+						skipAuto = true
+					}
+				}
+			}
+		}
+
+		if !skipAuto {
+			version, err := getElasticsearchVersion(req, 10*time.Second)
+			if err != nil {
+				logger.Warningf("failed to get elasticsearch version: %v", err)
+			} else {
+				if req.SettingsJson == nil {
+					req.SettingsJson = make(map[string]interface{})
+				}
+				req.SettingsJson["version"] = version
+			}
+		}
+	}
+
 	if req.Id == 0 {
 		req.CreatedBy = username
 		req.Status = "enabled"
@@ -347,3 +455,82 @@ func (rt *Router) datasourceQuery(c *gin.Context) {
 	}
 	ginx.NewRender(c).Data(req, err)
 }
+
+// getElasticsearchVersion 该函数尝试从提供的Elasticsearch数据源中获取版本号，遍历所有URL，
+// 直到成功获取版本号或所有URL均尝试失败为止。
+func getElasticsearchVersion(ds models.Datasource, timeout time.Duration) (string, error) {
+	client := &http.Client{
+		Timeout: timeout,
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: ds.HTTPJson.TLS.SkipTlsVerify,
+			},
+		},
+	}
+
+	urls := make([]string, 0)
+	if len(ds.HTTPJson.Urls) > 0 {
+		urls = append(urls, ds.HTTPJson.Urls...)
+	}
+	if ds.HTTPJson.Url != "" {
+		urls = append(urls, ds.HTTPJson.Url)
+	}
+	if len(urls) == 0 {
+		return "", fmt.Errorf("no url provided")
+	}
+
+	var lastErr error
+	for _, raw := range urls {
+		baseURL := strings.TrimRight(raw, "/") + "/"
+		req, err := http.NewRequest("GET", baseURL, nil)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		if ds.AuthJson.BasicAuthUser != "" {
+			req.SetBasicAuth(ds.AuthJson.BasicAuthUser, ds.AuthJson.BasicAuthPassword)
+		}
+
+		for k, v := range ds.HTTPJson.Headers {
+			req.Header.Set(k, v)
+		}
+
+		resp, err := client.Do(req)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		body, err := io.ReadAll(resp.Body)
+		resp.Body.Close()
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		if resp.StatusCode != 200 {
+			lastErr = fmt.Errorf("request to %s failed with status: %d body:%s", baseURL, resp.StatusCode, string(body))
+			continue
+		}
+
+		var result map[string]interface{}
+		if err := json.Unmarshal(body, &result); err != nil {
+			lastErr = err
+			continue
+		}
+
+		if version, ok := result["version"].(map[string]interface{}); ok {
+			if number, ok := version["number"].(string); ok && number != "" {
+				return number, nil
+			}
+		}
+
+		lastErr = fmt.Errorf("version not found in response from %s", baseURL)
+	}
+
+	if lastErr != nil {
+		return "", lastErr
+	}
+	return "", fmt.Errorf("failed to get elasticsearch version")
+}

center/router/router_datasource_db.go

@@ -60,8 +60,8 @@ func (rt *Router) ShowTables(c *gin.Context) {
 	}
 	switch plug.(type) {
 	case TableShower:
-		if len(f.Querys) > 0 {
-			database, ok := f.Querys[0].(string)
+		if len(f.Queries) > 0 {
+			database, ok := f.Queries[0].(string)
 			if ok {
 				tables, err = plug.(TableShower).ShowTables(c.Request.Context(), database)
 			}
@@ -90,8 +90,8 @@ func (rt *Router) DescribeTable(c *gin.Context) {
 	switch plug.(type) {
 	case TableDescriber:
 		client := plug.(TableDescriber)
-		if len(f.Querys) > 0 {
-			columns, err = client.DescribeTable(c.Request.Context(), f.Querys[0])
+		if len(f.Queries) > 0 {
+			columns, err = client.DescribeTable(c.Request.Context(), f.Queries[0])
 		}
 	default:
 		ginx.Bomb(200, "datasource not exists")

center/router/router_event_pipeline.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
+	"github.com/toolkits/pkg/i18n"
 )
 
 // 获取事件Pipeline列表
@@ -139,12 +140,14 @@ func (rt *Router) tryRunEventPipeline(c *gin.Context) {
 	}
 	event := hisEvent.ToCur()
 
+	lang := c.GetHeader("X-Language")
+	var result string
 	for _, p := range f.PipelineConfig.ProcessorConfigs {
 		processor, err := models.GetProcessorByType(p.Typ, p.Config)
 		if err != nil {
 			ginx.Bomb(http.StatusBadRequest, "get processor: %+v err: %+v", p, err)
 		}
-		event, _, err = processor.Process(rt.Ctx, event)
+		event, result, err = processor.Process(rt.Ctx, event)
 		if err != nil {
 			ginx.Bomb(http.StatusBadRequest, "processor: %+v err: %+v", p, err)
 		}
@@ -152,7 +155,7 @@ func (rt *Router) tryRunEventPipeline(c *gin.Context) {
 		if event == nil {
 			ginx.NewRender(c).Data(map[string]interface{}{
 				"event":  event,
-				"result": "event is dropped",
+				"result": i18n.Sprintf(lang, "event is dropped"),
 			}, nil)
 			return
 		}
@@ -160,7 +163,7 @@ func (rt *Router) tryRunEventPipeline(c *gin.Context) {
 
 	m := map[string]interface{}{
 		"event":  event,
-		"result": "",
+		"result": i18n.Sprintf(lang, result),
 	}
 	ginx.NewRender(c).Data(m, nil)
 }
@@ -188,9 +191,10 @@ func (rt *Router) tryRunEventProcessor(c *gin.Context) {
 		ginx.Bomb(200, "processor err: %+v", err)
 	}
 
+	lang := c.GetHeader("X-Language")
 	ginx.NewRender(c).Data(map[string]interface{}{
 		"event":  event,
-		"result": res,
+		"result": i18n.Sprintf(lang, res),
 	}, nil)
 }
 
@@ -231,9 +235,10 @@ func (rt *Router) tryRunEventProcessorByNotifyRule(c *gin.Context) {
 				ginx.Bomb(http.StatusBadRequest, "processor: %+v err: %+v", p, err)
 			}
 			if event == nil {
+				lang := c.GetHeader("X-Language")
 				ginx.NewRender(c).Data(map[string]interface{}{
 					"event":  event,
-					"result": "event is dropped",
+					"result": i18n.Sprintf(lang, "event is dropped"),
 				}, nil)
 				return
 			}

center/router/router_funcs.go

@@ -128,6 +128,12 @@ func UserGroup(ctx *ctx.Context, id int64) *models.UserGroup {
 		ginx.Bomb(http.StatusNotFound, "No such UserGroup")
 	}
 
+	bgids, err := models.BusiGroupIds(ctx, []int64{id})
+	ginx.Dangerous(err)
+
+	obj.BusiGroups, err = models.BusiGroupGetByIds(ctx, bgids)
+	ginx.Dangerous(err)
+
 	return obj
 }
 

center/router/router_login.go

@@ -2,13 +2,16 @@ package router
 
 import (
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/cas"
+	"github.com/ccfos/nightingale/v6/pkg/dingtalk"
 	"github.com/ccfos/nightingale/v6/pkg/ldapx"
 	"github.com/ccfos/nightingale/v6/pkg/oauth2x"
 	"github.com/ccfos/nightingale/v6/pkg/oidcx"
@@ -17,8 +20,10 @@ import (
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 	"github.com/pelletier/go-toml/v2"
+	"github.com/pkg/errors"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
+	"gorm.io/gorm"
 )
 
 type loginForm struct {
@@ -107,9 +112,20 @@ func (rt *Router) logoutPost(c *gin.Context) {
 
 	var logoutAddr string
 	user := c.MustGet("user").(*models.User)
+
+	// 获取用户的 id_token
+	idToken, err := rt.fetchIdToken(c.Request.Context(), user.Id)
+	if err != nil {
+		logger.Debugf("fetch id_token failed: %v, user_id: %d", err, user.Id)
+		idToken = "" // 如果获取失败，使用空字符串
+	}
+
+	// 删除 id_token
+	rt.deleteIdToken(c.Request.Context(), user.Id)
+
 	switch user.Belong {
 	case "oidc":
-		logoutAddr = rt.Sso.OIDC.GetSsoLogoutAddr()
+		logoutAddr = rt.Sso.OIDC.GetSsoLogoutAddr(idToken)
 	case "cas":
 		logoutAddr = rt.Sso.CAS.GetSsoLogoutAddr()
 	case "oauth2":
@@ -199,6 +215,14 @@ func (rt *Router) refreshPost(c *gin.Context) {
 		ginx.Dangerous(err)
 		ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
 
+		// 延长 id_token 的过期时间，使其与新的 refresh token 生命周期保持一致
+		// 注意：这里不会获取新的 id_token，只是延长 Redis 中现有 id_token 的 TTL
+		if idToken, err := rt.fetchIdToken(c.Request.Context(), userid); err == nil && idToken != "" {
+			if err := rt.saveIdToken(c.Request.Context(), userid, idToken); err != nil {
+				logger.Debugf("refresh id_token ttl failed: %v, user_id: %d", err, userid)
+			}
+		}
+
 		ginx.NewRender(c).Data(gin.H{
 			"access_token":  ts.AccessToken,
 			"refresh_token": ts.RefreshToken,
@@ -286,6 +310,13 @@ func (rt *Router) loginCallback(c *gin.Context) {
 	ginx.Dangerous(err)
 	ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
 
+	// 保存 id_token 到 Redis，用于登出时使用
+	if ret.IdToken != "" {
+		if err := rt.saveIdToken(c.Request.Context(), user.Id, ret.IdToken); err != nil {
+			logger.Errorf("save id_token failed: %v, user_id: %d", err, user.Id)
+		}
+	}
+
 	redirect := "/"
 	if ret.Redirect != "/login" {
 		redirect = ret.Redirect
@@ -413,6 +444,81 @@ func (rt *Router) loginRedirectOAuth(c *gin.Context) {
 	ginx.NewRender(c).Data(redirect, err)
 }
 
+func (rt *Router) loginRedirectDingTalk(c *gin.Context) {
+	redirect := ginx.QueryStr(c, "redirect", "/")
+
+	v, exists := c.Get("userid")
+	if exists {
+		userid := v.(int64)
+		user, err := models.UserGetById(rt.Ctx, userid)
+		ginx.Dangerous(err)
+		if user == nil {
+			ginx.Bomb(200, "user not found")
+		}
+
+		if user.Username != "" { // already login
+			ginx.NewRender(c).Data(redirect, nil)
+			return
+		}
+	}
+
+	if !rt.Sso.DingTalk.Enable {
+		ginx.NewRender(c).Data("", nil)
+		return
+	}
+
+	redirect, err := rt.Sso.DingTalk.Authorize(rt.Redis, redirect)
+	ginx.Dangerous(err)
+
+	ginx.NewRender(c).Data(redirect, err)
+}
+
+func (rt *Router) loginCallbackDingTalk(c *gin.Context) {
+	code := ginx.QueryStr(c, "code", "")
+	state := ginx.QueryStr(c, "state", "")
+
+	ret, err := rt.Sso.DingTalk.Callback(rt.Redis, c.Request.Context(), code, state)
+	if err != nil {
+		logger.Errorf("sso_callback DingTalk fail. code:%s, state:%s, get ret: %+v. error: %v", code, state, ret, err)
+		ginx.NewRender(c).Data(CallbackOutput{}, err)
+		return
+	}
+
+	user, err := models.UserGet(rt.Ctx, "username=?", ret.Username)
+	ginx.Dangerous(err)
+
+	if user != nil {
+		if rt.Sso.DingTalk.DingTalkConfig.CoverAttributes {
+			updatedFields := user.UpdateSsoFields(dingtalk.SsoTypeName, ret.Nickname, ret.Phone, ret.Email)
+			ginx.Dangerous(user.Update(rt.Ctx, "update_at", updatedFields...))
+		}
+	} else {
+		user = new(models.User)
+		user.FullSsoFields(dingtalk.SsoTypeName, ret.Username, ret.Nickname, ret.Phone, ret.Email, rt.Sso.DingTalk.DingTalkConfig.DefaultRoles)
+		// create user from dingtalk
+		ginx.Dangerous(user.Add(rt.Ctx))
+	}
+
+	// set user login state
+	userIdentity := fmt.Sprintf("%d-%s", user.Id, user.Username)
+	ts, err := rt.createTokens(rt.HTTP.JWTAuth.SigningKey, userIdentity)
+	ginx.Dangerous(err)
+	ginx.Dangerous(rt.createAuth(c.Request.Context(), userIdentity, ts))
+
+	redirect := "/"
+	if ret.Redirect != "/login" {
+		redirect = ret.Redirect
+	}
+
+	ginx.NewRender(c).Data(CallbackOutput{
+		Redirect:     redirect,
+		User:         user,
+		AccessToken:  ts.AccessToken,
+		RefreshToken: ts.RefreshToken,
+	}, nil)
+
+}
+
 func (rt *Router) loginCallbackOAuth(c *gin.Context) {
 	code := ginx.QueryStr(c, "code", "")
 	state := ginx.QueryStr(c, "state", "")
@@ -459,13 +565,14 @@ func (rt *Router) loginCallbackOAuth(c *gin.Context) {
 }
 
 type SsoConfigOutput struct {
-	OidcDisplayName  string `json:"oidcDisplayName"`
-	CasDisplayName   string `json:"casDisplayName"`
-	OauthDisplayName string `json:"oauthDisplayName"`
+	OidcDisplayName     string `json:"oidcDisplayName"`
+	CasDisplayName      string `json:"casDisplayName"`
+	OauthDisplayName    string `json:"oauthDisplayName"`
+	DingTalkDisplayName string `json:"dingTalkDisplayName"`
 }
 
 func (rt *Router) ssoConfigNameGet(c *gin.Context) {
-	var oidcDisplayName, casDisplayName, oauthDisplayName string
+	var oidcDisplayName, casDisplayName, oauthDisplayName, dingTalkDisplayName string
 	if rt.Sso.OIDC != nil {
 		oidcDisplayName = rt.Sso.OIDC.GetDisplayName()
 	}
@@ -478,23 +585,85 @@ func (rt *Router) ssoConfigNameGet(c *gin.Context) {
 		oauthDisplayName = rt.Sso.OAuth2.GetDisplayName()
 	}
 
+	if rt.Sso.DingTalk != nil {
+		dingTalkDisplayName = rt.Sso.DingTalk.GetDisplayName()
+	}
+
 	ginx.NewRender(c).Data(SsoConfigOutput{
-		OidcDisplayName:  oidcDisplayName,
-		CasDisplayName:   casDisplayName,
-		OauthDisplayName: oauthDisplayName,
+		OidcDisplayName:     oidcDisplayName,
+		CasDisplayName:      casDisplayName,
+		OauthDisplayName:    oauthDisplayName,
+		DingTalkDisplayName: dingTalkDisplayName,
 	}, nil)
 }
 
 func (rt *Router) ssoConfigGets(c *gin.Context) {
-	ginx.NewRender(c).Data(models.SsoConfigGets(rt.Ctx))
+	var ssoConfigs []models.SsoConfig
+	lst, err := models.SsoConfigGets(rt.Ctx)
+	ginx.Dangerous(err)
+	if len(lst) == 0 {
+		ginx.NewRender(c).Data(ssoConfigs, nil)
+		return
+	}
+
+	// TODO: dingTalkExist 为了兼容当前前端配置, 后期单点登陆统一调整后不在预先设置默认内容
+	dingTalkExist := false
+	for _, config := range lst {
+		var ssoReqConfig models.SsoConfig
+		ssoReqConfig.Id = config.Id
+		ssoReqConfig.Name = config.Name
+		ssoReqConfig.UpdateAt = config.UpdateAt
+		switch config.Name {
+		case dingtalk.SsoTypeName:
+			dingTalkExist = true
+			err := json.Unmarshal([]byte(config.Content), &ssoReqConfig.SettingJson)
+			ginx.Dangerous(err)
+		default:
+			ssoReqConfig.Content = config.Content
+		}
+
+		ssoConfigs = append(ssoConfigs, ssoReqConfig)
+	}
+	// TODO: dingTalkExist 为了兼容当前前端配置, 后期单点登陆统一调整后不在预先设置默认内容
+	if !dingTalkExist {
+		var ssoConfig models.SsoConfig
+		ssoConfig.Name = dingtalk.SsoTypeName
+		ssoConfigs = append(ssoConfigs, ssoConfig)
+	}
+
+	ginx.NewRender(c).Data(ssoConfigs, nil)
 }
 
 func (rt *Router) ssoConfigUpdate(c *gin.Context) {
 	var f models.SsoConfig
-	ginx.BindJSON(c, &f)
+	var ssoConfig models.SsoConfig
+	ginx.BindJSON(c, &ssoConfig)
 
-	err := f.Update(rt.Ctx)
-	ginx.Dangerous(err)
+	switch ssoConfig.Name {
+	case dingtalk.SsoTypeName:
+		f.Name = ssoConfig.Name
+		setting, err := json.Marshal(ssoConfig.SettingJson)
+		ginx.Dangerous(err)
+		f.Content = string(setting)
+		f.UpdateAt = time.Now().Unix()
+		sso, err := f.Query(rt.Ctx)
+		if !errors.Is(err, gorm.ErrRecordNotFound) {
+			ginx.Dangerous(err)
+		}
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			err = f.Create(rt.Ctx)
+		} else {
+			f.Id = sso.Id
+			err = f.Update(rt.Ctx)
+		}
+		ginx.Dangerous(err)
+	default:
+		f.Id = ssoConfig.Id
+		f.Name = ssoConfig.Name
+		f.Content = ssoConfig.Content
+		err := f.Update(rt.Ctx)
+		ginx.Dangerous(err)
+	}
 
 	switch f.Name {
 	case "LDAP":
@@ -518,6 +687,14 @@ func (rt *Router) ssoConfigUpdate(c *gin.Context) {
 		err := toml.Unmarshal([]byte(f.Content), &config)
 		ginx.Dangerous(err)
 		rt.Sso.OAuth2.Reload(config)
+	case dingtalk.SsoTypeName:
+		var config dingtalk.Config
+		err := json.Unmarshal([]byte(f.Content), &config)
+		ginx.Dangerous(err)
+		if rt.Sso.DingTalk == nil {
+			rt.Sso.DingTalk = dingtalk.New(config)
+		}
+		rt.Sso.DingTalk.Reload(config)
 	}
 
 	ginx.NewRender(c).Message(nil)

center/router/router_message_template.go

@@ -193,10 +193,9 @@ func (rt *Router) eventsMessage(c *gin.Context) {
 		events[i] = he.ToCur()
 	}
 
-	var defs = []string{
-		"{{$events := .}}",
-		"{{$event := index . 0}}",
-	}
+	renderData := make(map[string]interface{})
+	renderData["events"] = events
+	defs := models.GetDefs(renderData)
 	ret := make(map[string]string, len(req.Tpl.Content))
 	for k, v := range req.Tpl.Content {
 		text := strings.Join(append(defs, v), "")
@@ -207,7 +206,7 @@ func (rt *Router) eventsMessage(c *gin.Context) {
 		}
 
 		var buf bytes.Buffer
-		err = tpl.Execute(&buf, events)
+		err = tpl.Execute(&buf, renderData)
 		if err != nil {
 			ret[k] = err.Error()
 			continue

center/router/router_mute.go

@@ -18,7 +18,10 @@ import (
 // Return all, front-end search and paging
 func (rt *Router) alertMuteGetsByBG(c *gin.Context) {
 	bgid := ginx.UrlParamInt64(c, "id")
-	lst, err := models.AlertMuteGetsByBG(rt.Ctx, bgid)
+	prods := strings.Fields(ginx.QueryStr(c, "prods", ""))
+	query := ginx.QueryStr(c, "query", "")
+	expired := ginx.QueryInt(c, "expired", -1)
+	lst, err := models.AlertMuteGets(rt.Ctx, prods, bgid, -1, expired, query)
 
 	ginx.NewRender(c).Data(lst, err)
 }
@@ -53,11 +56,17 @@ func (rt *Router) alertMuteGets(c *gin.Context) {
 	bgid := ginx.QueryInt64(c, "bgid", -1)
 	query := ginx.QueryStr(c, "query", "")
 	disabled := ginx.QueryInt(c, "disabled", -1)
-	lst, err := models.AlertMuteGets(rt.Ctx, prods, bgid, disabled, query)
+	expired := ginx.QueryInt(c, "expired", -1)
+	lst, err := models.AlertMuteGets(rt.Ctx, prods, bgid, disabled, expired, query)
 
 	ginx.NewRender(c).Data(lst, err)
 }
 
+func (rt *Router) activeAlertMuteGets(c *gin.Context) {
+	lst, err := models.AlertMuteGetsAll(rt.Ctx)
+	ginx.NewRender(c).Data(lst, err)
+}
+
 func (rt *Router) alertMuteAdd(c *gin.Context) {
 
 	var f models.AlertMute
@@ -67,7 +76,9 @@ func (rt *Router) alertMuteAdd(c *gin.Context) {
 	f.CreateBy = username
 	f.UpdateBy = username
 	f.GroupId = ginx.UrlParamInt64(c, "id")
-	ginx.NewRender(c).Message(f.Add(rt.Ctx))
+
+	ginx.Dangerous(f.Add(rt.Ctx))
+	ginx.NewRender(c).Data(f.Id, nil)
 }
 
 type MuteTestForm struct {

center/router/router_mw.go

@@ -453,6 +453,30 @@ func (rt *Router) wrapJwtKey(key string) string {
 	return rt.HTTP.JWTAuth.RedisKeyPrefix + key
 }
 
+func (rt *Router) wrapIdTokenKey(userId int64) string {
+	return fmt.Sprintf("n9e_id_token_%d", userId)
+}
+
+// saveIdToken 保存用户的 id_token 到 Redis
+func (rt *Router) saveIdToken(ctx context.Context, userId int64, idToken string) error {
+	if idToken == "" {
+		return nil
+	}
+	// id_token 的过期时间应该与 RefreshToken 保持一致，确保在整个会话期间都可用于登出
+	expiration := time.Minute * time.Duration(rt.HTTP.JWTAuth.RefreshExpired)
+	return rt.Redis.Set(ctx, rt.wrapIdTokenKey(userId), idToken, expiration).Err()
+}
+
+// fetchIdToken 从 Redis 获取用户的 id_token
+func (rt *Router) fetchIdToken(ctx context.Context, userId int64) (string, error) {
+	return rt.Redis.Get(ctx, rt.wrapIdTokenKey(userId)).Result()
+}
+
+// deleteIdToken 从 Redis 删除用户的 id_token
+func (rt *Router) deleteIdToken(ctx context.Context, userId int64) error {
+	return rt.Redis.Del(ctx, rt.wrapIdTokenKey(userId)).Err()
+}
+
 type TokenDetails struct {
 	AccessToken  string
 	RefreshToken string

center/router/router_notification_record.go

@@ -33,7 +33,7 @@ type Record struct {
 
 // notificationRecordAdd
 func (rt *Router) notificationRecordAdd(c *gin.Context) {
-	var req []*models.NotificaitonRecord
+	var req []*models.NotificationRecord
 	ginx.BindJSON(c, &req)
 	err := sender.PushNotifyRecords(req)
 	ginx.Dangerous(err, 429)
@@ -43,14 +43,14 @@ func (rt *Router) notificationRecordAdd(c *gin.Context) {
 
 func (rt *Router) notificationRecordList(c *gin.Context) {
 	eid := ginx.UrlParamInt64(c, "eid")
-	lst, err := models.NotificaitonRecordsGetByEventId(rt.Ctx, eid)
+	lst, err := models.NotificationRecordsGetByEventId(rt.Ctx, eid)
 	ginx.Dangerous(err)
 
 	response := buildNotificationResponse(rt.Ctx, lst)
 	ginx.NewRender(c).Data(response, nil)
 }
 
-func buildNotificationResponse(ctx *ctx.Context, nl []*models.NotificaitonRecord) NotificationResponse {
+func buildNotificationResponse(ctx *ctx.Context, nl []*models.NotificationRecord) NotificationResponse {
 	response := NotificationResponse{
 		SubRules: []SubRule{},
 		Notifies: make(map[string][]Record),

center/router/router_notify_channel.go

@@ -162,21 +162,6 @@ func (rt *Router) notifyChannelIdentsGet(c *gin.Context) {
 	ginx.NewRender(c).Data(lst, nil)
 }
 
-type flushDutyChannelsResponse struct {
-	Error struct {
-		Code    string `json:"code"`
-		Message string `json:"message"`
-	} `json:"error"`
-	Data struct {
-		Items []struct {
-			ChannelID   int    `json:"channel_id"`
-			ChannelName string `json:"channel_name"`
-			Status      string `json:"status"`
-		} `json:"items"`
-		Total int `json:"total"`
-	} `json:"data"`
-}
-
 func (rt *Router) flashDutyNotifyChannelsGet(c *gin.Context) {
 	cid := ginx.UrlParamInt64(c, "id")
 	nc, err := models.NotifyChannelGet(rt.Ctx, "id = ?", cid)
@@ -196,18 +181,31 @@ func (rt *Router) flashDutyNotifyChannelsGet(c *gin.Context) {
 		jsonData = []byte(fmt.Sprintf(`{"member_name":"%s","email":"%s","phone":"%s"}`, me.Username, me.Email, me.Phone))
 	}
 
-	items, err := getFlashDutyChannels(nc.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, jsonData)
+	items, err := getFlashDutyChannels(nc.RequestConfig.FlashDutyRequestConfig.IntegrationUrl, jsonData, time.Duration(nc.RequestConfig.FlashDutyRequestConfig.Timeout)*time.Millisecond)
 	ginx.Dangerous(err)
 
 	ginx.NewRender(c).Data(items, nil)
 }
 
-// getFlashDutyChannels 从FlashDuty API获取频道列表
-func getFlashDutyChannels(integrationUrl string, jsonData []byte) ([]struct {
+type flushDutyChannelsResponse struct {
+	Error struct {
+		Code    string `json:"code"`
+		Message string `json:"message"`
+	} `json:"error"`
+	Data struct {
+		Items []FlashDutyChannel `json:"items"`
+		Total int                `json:"total"`
+	} `json:"data"`
+}
+
+type FlashDutyChannel struct {
 	ChannelID   int    `json:"channel_id"`
 	ChannelName string `json:"channel_name"`
 	Status      string `json:"status"`
-}, error) {
+}
+
+// getFlashDutyChannels 从FlashDuty API获取频道列表
+func getFlashDutyChannels(integrationUrl string, jsonData []byte, timeout time.Duration) ([]FlashDutyChannel, error) {
 	// 解析URL，提取baseUrl和参数
 	baseUrl, integrationKey, err := parseIntegrationUrl(integrationUrl)
 	if err != nil {
@@ -227,7 +225,9 @@ func getFlashDutyChannels(integrationUrl string, jsonData []byte) ([]struct {
 	}
 
 	req.Header.Set("Content-Type", "application/json")
-	httpResp, err := (&http.Client{}).Do(req)
+	httpResp, err := (&http.Client{
+		Timeout: timeout,
+	}).Do(req)
 	if err != nil {
 		return nil, err
 	}
@@ -266,3 +266,149 @@ func parseIntegrationUrl(urlStr string) (baseUrl string, integrationKey string,
 
 	return host, integrationKey, nil
 }
+
+func (rt *Router) pagerDutyNotifyServicesGet(c *gin.Context) {
+	cid := ginx.UrlParamInt64(c, "id")
+	nc, err := models.NotifyChannelGet(rt.Ctx, "id = ?", cid)
+	ginx.Dangerous(err)
+	if err != nil || nc == nil {
+		ginx.Bomb(http.StatusNotFound, "notify channel not found")
+	}
+
+	items, err := getPagerDutyServices(nc.RequestConfig.PagerDutyRequestConfig.ApiKey, time.Duration(nc.RequestConfig.PagerDutyRequestConfig.Timeout)*time.Millisecond)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, fmt.Sprintf("failed to get pagerduty services: %v", err))
+	}
+	// 服务: []集成，扁平化为服务-集成
+	var flattenedItems []map[string]string
+	for _, svc := range items {
+		for _, integ := range svc.Integrations {
+			flattenedItems = append(flattenedItems, map[string]string{
+				"service_id":          svc.ID,
+				"service_name":        svc.Name,
+				"integration_summary": integ.Summary,
+				"integration_id":      integ.ID,
+				"integration_url":     integ.Self,
+			})
+		}
+	}
+
+	ginx.NewRender(c).Data(flattenedItems, nil)
+}
+
+func (rt *Router) pagerDutyIntegrationKeyGet(c *gin.Context) {
+	serviceId := ginx.UrlParamStr(c, "service_id")
+	integrationId := ginx.UrlParamStr(c, "integration_id")
+	cid := ginx.UrlParamInt64(c, "id")
+	nc, err := models.NotifyChannelGet(rt.Ctx, "id = ?", cid)
+	ginx.Dangerous(err)
+	if err != nil || nc == nil {
+		ginx.Bomb(http.StatusNotFound, "notify channel not found")
+	}
+
+	integrationUrl := fmt.Sprintf("https://api.pagerduty.com/services/%s/integrations/%s", serviceId, integrationId)
+	integrationKey, err := getPagerDutyIntegrationKey(integrationUrl, nc.RequestConfig.PagerDutyRequestConfig.ApiKey, time.Duration(nc.RequestConfig.PagerDutyRequestConfig.Timeout)*time.Millisecond)
+	if err != nil {
+		ginx.Bomb(http.StatusInternalServerError, fmt.Sprintf("failed to get pagerduty integration key: %v", err))
+	}
+
+	ginx.NewRender(c).Data(map[string]string{
+		"integration_key": integrationKey,
+	}, nil)
+}
+
+type PagerDutyIntegration struct {
+	ID             string `json:"id"`
+	IntegrationKey string `json:"integration_key"`
+	Self           string `json:"self"` // integration 的 API URL
+	Summary        string `json:"summary"`
+}
+
+type PagerDutyService struct {
+	Name         string                 `json:"name"`
+	ID           string                 `json:"id"`
+	Integrations []PagerDutyIntegration `json:"integrations"`
+}
+
+// getPagerDutyServices 从 PagerDuty API 分页获取所有服务及其集成信息
+func getPagerDutyServices(apiKey string, timeout time.Duration) ([]PagerDutyService, error) {
+	const limit = 100 // 每页最大数量
+	var offset uint   // 分页偏移量
+	var allServices []PagerDutyService
+
+	for {
+		// 构建带分页参数的 URL
+		url := fmt.Sprintf("https://api.pagerduty.com/services?limit=%d&offset=%d", limit, offset)
+
+		req, err := http.NewRequest("GET", url, nil)
+		if err != nil {
+			return nil, err
+		}
+		req.Header.Set("Authorization", fmt.Sprintf("Token token=%s", apiKey))
+		req.Header.Set("Accept", "application/vnd.pagerduty+json;version=2")
+
+		httpResp, err := (&http.Client{Timeout: timeout}).Do(req)
+		if err != nil {
+			return nil, err
+		}
+
+		body, err := io.ReadAll(httpResp.Body)
+		httpResp.Body.Close()
+		if err != nil {
+			return nil, err
+		}
+
+		// 定义包含分页信息的响应结构
+		var serviceRes struct {
+			Services []PagerDutyService `json:"services"`
+			More     bool               `json:"more"` // 是否还有更多数据
+			Limit    uint               `json:"limit"`
+			Offset   uint               `json:"offset"`
+		}
+
+		if err := json.Unmarshal(body, &serviceRes); err != nil {
+			return nil, err
+		}
+		allServices = append(allServices, serviceRes.Services...)
+		// 判断是否还有更多数据
+		if !serviceRes.More || len(serviceRes.Services) < int(limit) {
+			break
+		}
+		offset += limit // 准备请求下一页
+	}
+
+	return allServices, nil
+}
+
+// getPagerDutyIntegrationKey 通过 integration 的 API URL 获取 integration key
+func getPagerDutyIntegrationKey(integrationUrl, apiKey string, timeout time.Duration) (string, error) {
+	req, err := http.NewRequest("GET", integrationUrl, nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Token token=%s", apiKey))
+
+	httpResp, err := (&http.Client{
+		Timeout: timeout,
+	}).Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer httpResp.Body.Close()
+	body, err := io.ReadAll(httpResp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	var integRes struct {
+		Integration struct {
+			IntegrationKey string `json:"integration_key"`
+		} `json:"integration"`
+	}
+
+	if err := json.Unmarshal(body, &integRes); err != nil {
+		return "", err
+	}
+
+	return integRes.Integration.IntegrationKey, nil
+}

center/router/router_notify_channel_test.go

@@ -11,7 +11,7 @@ func TestGetFlashDutyChannels(t *testing.T) {
 	jsonData := []byte(`{}`)
 
 	// 调用被测试的函数
-	channels, err := getFlashDutyChannels(integrationUrl, jsonData)
+	channels, err := getFlashDutyChannels(integrationUrl, jsonData, 5000)
 
 	fmt.Println(channels, err)
 }

center/router/router_notify_config.go

@@ -162,7 +162,7 @@ func (rt *Router) notifyConfigPut(c *gin.Context) {
 		ginx.Bomb(200, "key %s can not modify", f.Ckey)
 	}
 	username := c.MustGet("username").(string)
-	//insert or update build-in config
+	//insert or update built-in config
 	ginx.Dangerous(models.ConfigsSetWithUname(rt.Ctx, f.Ckey, f.Cval, username))
 	if f.Ckey == models.SMTP {
 		// 重置邮件发送器
@@ -219,8 +219,8 @@ func (rt *Router) notifyChannelConfigGets(c *gin.Context) {
 	id := ginx.QueryInt64(c, "id", 0)
 	name := ginx.QueryStr(c, "name", "")
 	ident := ginx.QueryStr(c, "ident", "")
-	eabled := ginx.QueryInt(c, "eabled", -1)
+	enabled := ginx.QueryInt(c, "enabled", -1)
 
-	notifyChannels, err := models.NotifyChannelGets(rt.Ctx, id, name, ident, eabled)
+	notifyChannels, err := models.NotifyChannelGets(rt.Ctx, id, name, ident, enabled)
 	ginx.NewRender(c).Data(notifyChannels, err)
 }

center/router/router_notify_rule.go

@@ -181,6 +181,13 @@ func SendNotifyChannelMessage(ctx *ctx.Context, userCache *memsto.UserCacheType,
 	if !notifyChannel.Enable {
 		return "", fmt.Errorf("notify channel not enabled, please enable it first")
 	}
+
+	// 获取站点URL用于模板渲染
+	siteUrl, _ := models.ConfigsGetSiteUrl(ctx)
+	if siteUrl == "" {
+		siteUrl = "http://127.0.0.1:17000"
+	}
+
 	tplContent := make(map[string]interface{})
 	if notifyChannel.RequestType != "flashduty" {
 		messageTemplates, err := models.MessageTemplateGets(ctx, notifyConfig.TemplateID, "", "")
@@ -191,14 +198,14 @@ func SendNotifyChannelMessage(ctx *ctx.Context, userCache *memsto.UserCacheType,
 		if len(messageTemplates) == 0 {
 			return "", fmt.Errorf("message template not found")
 		}
-		tplContent = messageTemplates[0].RenderEvent(events)
+		tplContent = messageTemplates[0].RenderEvent(events, siteUrl)
 	}
 	var contactKey string
 	if notifyChannel.ParamConfig != nil && notifyChannel.ParamConfig.UserInfo != nil {
 		contactKey = notifyChannel.ParamConfig.UserInfo.ContactKey
 	}
 
-	sendtos, flashDutyChannelIDs, customParams := dispatch.GetNotifyConfigParams(&notifyConfig, contactKey, userCache, userGroup)
+	sendtos, flashDutyChannelIDs, pagerDutyRoutingKeys, customParams := dispatch.GetNotifyConfigParams(&notifyConfig, contactKey, userCache, userGroup)
 
 	var resp string
 	switch notifyChannel.RequestType {
@@ -216,6 +223,20 @@ func SendNotifyChannelMessage(ctx *ctx.Context, userCache *memsto.UserCacheType,
 		}
 		logger.Infof("channel_name: %v, event:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, resp, err)
 		return resp, nil
+	case "pagerduty":
+		client, err := models.GetHTTPClient(notifyChannel)
+		if err != nil {
+			return "", fmt.Errorf("failed to get http client: %v", err)
+		}
+
+		for _, routingKey := range pagerDutyRoutingKeys {
+			resp, err = notifyChannel.SendPagerDuty(events, routingKey, siteUrl, client)
+			if err != nil {
+				return "", fmt.Errorf("failed to send pagerduty notify: %v", err)
+			}
+		}
+		logger.Infof("channel_name: %v, event:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, resp, err)
+		return resp, nil
 	case "http":
 		client, err := models.GetHTTPClient(notifyChannel)
 		if err != nil {
@@ -317,8 +338,8 @@ func (rt *Router) notifyRuleCustomParamsGet(c *gin.Context) {
 			filterKey := ""
 			for key, value := range nc.Params {
 				// 找到在通知媒介中的自定义变量配置项，进行 cname 转换
-				cname, exsits := keyMap[key]
-				if exsits {
+				cname, exists := keyMap[key]
+				if exists {
 					list = append(list, paramList{
 						Name:  key,
 						CName: cname,

center/router/router_proxy.go

@@ -148,6 +148,8 @@ func (rt *Router) dsProxy(c *gin.Context) {
 
 		if ds.AuthJson.BasicAuthUser != "" {
 			req.SetBasicAuth(ds.AuthJson.BasicAuthUser, ds.AuthJson.BasicAuthPassword)
+		} else {
+			req.Header.Del("Authorization")
 		}
 
 		headerCount := len(ds.HTTPJson.Headers)
@@ -276,11 +278,11 @@ func (rt *Router) deleteDatasourceSeries(c *gin.Context) {
 	}
 
 	timeout := time.Duration(ds.HTTPJson.DialTimeout) * time.Millisecond
-	matchQuerys := make([]string, 0)
+	matchQueries := make([]string, 0)
 	for _, match := range ddsf.Match {
-		matchQuerys = append(matchQuerys, fmt.Sprintf("match[]=%s", match))
+		matchQueries = append(matchQueries, fmt.Sprintf("match[]=%s", match))
 	}
-	matchQuery := strings.Join(matchQuerys, "&")
+	matchQuery := strings.Join(matchQueries, "&")
 
 	switch datasourceType {
 	case DatasourceTypePrometheus:

center/router/router_query.go

@@ -1,18 +1,23 @@
 package router
 
 import (
+	"context"
 	"fmt"
 	"sort"
 	"sync"
 
 	"github.com/ccfos/nightingale/v6/dscache"
+	"github.com/ccfos/nightingale/v6/dskit/doris"
 	"github.com/ccfos/nightingale/v6/models"
+
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )
 
-func CheckDsPerm(c *gin.Context, dsId int64, cate string, q interface{}) bool {
+type CheckDsPermFunc func(c *gin.Context, dsId int64, cate string, q interface{}) bool
+
+var CheckDsPerm CheckDsPermFunc = func(c *gin.Context, dsId int64, cate string, q interface{}) bool {
 	// todo: 后续需要根据 cate 判断是否需要权限
 	return true
 }
@@ -107,12 +112,15 @@ func (rt *Router) QueryLogBatch(c *gin.Context) {
 }
 
 func QueryDataConcurrently(anonymousAccess bool, ctx *gin.Context, f models.QueryParam) ([]models.DataResp, error) {
-	var resp []models.DataResp
-	var mu sync.Mutex
-	var wg sync.WaitGroup
-	var errs []error
+	var (
+		resp []models.DataResp
+		mu   sync.Mutex
+		wg   sync.WaitGroup
+		errs []error
+		rCtx = ctx.Request.Context()
+	)
 
-	for _, q := range f.Querys {
+	for _, q := range f.Queries {
 		if !anonymousAccess && !CheckDsPerm(ctx, f.DatasourceId, f.Cate, q) {
 			return nil, fmt.Errorf("forbidden")
 		}
@@ -122,12 +130,17 @@ func QueryDataConcurrently(anonymousAccess bool, ctx *gin.Context, f models.Quer
 			logger.Warningf("cluster:%d not exists", f.DatasourceId)
 			return nil, fmt.Errorf("cluster not exists")
 		}
+		
+		vCtx := rCtx
+		if f.Cate == models.DORIS {
+			vCtx = context.WithValue(vCtx, doris.NoNeedCheckMaxRow, true)
+		}
 
 		wg.Add(1)
 		go func(query interface{}) {
 			defer wg.Done()
 
-			datas, err := plug.QueryData(ctx.Request.Context(), query)
+			data, err := plug.QueryData(vCtx, query)
 			if err != nil {
 				logger.Warningf("query data error: req:%+v err:%v", query, err)
 				mu.Lock()
@@ -136,9 +149,9 @@ func QueryDataConcurrently(anonymousAccess bool, ctx *gin.Context, f models.Quer
 				return
 			}
 
-			logger.Debugf("query data: req:%+v resp:%+v", query, datas)
+			logger.Debugf("query data: req:%+v resp:%+v", query, data)
 			mu.Lock()
-			resp = append(resp, datas...)
+			resp = append(resp, data...)
 			mu.Unlock()
 		}(q)
 	}
@@ -183,7 +196,7 @@ func QueryLogConcurrently(anonymousAccess bool, ctx *gin.Context, f models.Query
 	var wg sync.WaitGroup
 	var errs []error
 
-	for _, q := range f.Querys {
+	for _, q := range f.Queries {
 		if !anonymousAccess && !CheckDsPerm(ctx, f.DatasourceId, f.Cate, q) {
 			return LogResp{}, fmt.Errorf("forbidden")
 		}
@@ -242,7 +255,7 @@ func (rt *Router) QueryLog(c *gin.Context) {
 	ginx.BindJSON(c, &f)
 
 	var resp []interface{}
-	for _, q := range f.Querys {
+	for _, q := range f.Queries {
 		if !rt.Center.AnonymousAccess.PromQuerier && !CheckDsPerm(c, f.DatasourceId, f.Cate, q) {
 			ginx.Bomb(200, "forbidden")
 		}

center/router/router_saved_view.go

@@ -0,0 +1,144 @@
+package router
+
+import (
+	"net/http"
+
+	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/slice"
+
+	"github.com/gin-gonic/gin"
+	"github.com/toolkits/pkg/ginx"
+)
+
+func (rt *Router) savedViewGets(c *gin.Context) {
+	page := ginx.QueryStr(c, "page", "")
+
+	me := c.MustGet("user").(*models.User)
+
+	lst, err := models.SavedViewGets(rt.Ctx, page)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+
+	userGids, err := models.MyGroupIds(rt.Ctx, me.Id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+
+	favoriteMap, err := models.SavedViewFavoriteGetByUserId(rt.Ctx, me.Id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+
+	favoriteViews := make([]models.SavedView, 0)
+	normalViews := make([]models.SavedView, 0)
+
+	for _, view := range lst {
+		visible := view.CreateBy == me.Username ||
+			view.PublicCate == 2 ||
+			(view.PublicCate == 1 && slice.HaveIntersection[int64](userGids, view.Gids))
+
+		if !visible {
+			continue
+		}
+
+		view.IsFavorite = favoriteMap[view.Id]
+
+		// 收藏的排前面
+		if view.IsFavorite {
+			favoriteViews = append(favoriteViews, view)
+		} else {
+			normalViews = append(normalViews, view)
+		}
+	}
+
+	ginx.NewRender(c).Data(append(favoriteViews, normalViews...), nil)
+}
+
+func (rt *Router) savedViewAdd(c *gin.Context) {
+	var f models.SavedView
+	ginx.BindJSON(c, &f)
+
+	me := c.MustGet("user").(*models.User)
+	f.Id = 0
+	f.CreateBy = me.Username
+	f.UpdateBy = me.Username
+
+	err := models.SavedViewAdd(rt.Ctx, &f)
+	ginx.NewRender(c).Data(f.Id, err)
+}
+
+func (rt *Router) savedViewPut(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+
+	view, err := models.SavedViewGetById(rt.Ctx, id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+	if view == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("saved view not found")
+		return
+	}
+
+	me := c.MustGet("user").(*models.User)
+	// 只有创建者可以更新
+	if view.CreateBy != me.Username && !me.IsAdmin() {
+		ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
+		return
+	}
+
+	var f models.SavedView
+	ginx.BindJSON(c, &f)
+
+	view.Name = f.Name
+	view.Filter = f.Filter
+	view.PublicCate = f.PublicCate
+	view.Gids = f.Gids
+
+	err = models.SavedViewUpdate(rt.Ctx, view, me.Username)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) savedViewDel(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+
+	view, err := models.SavedViewGetById(rt.Ctx, id)
+	if err != nil {
+		ginx.NewRender(c).Data(nil, err)
+		return
+	}
+	if view == nil {
+		ginx.NewRender(c, http.StatusNotFound).Message("saved view not found")
+		return
+	}
+
+	me := c.MustGet("user").(*models.User)
+	// 只有创建者或管理员可以删除
+	if view.CreateBy != me.Username && !me.IsAdmin() {
+		ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
+		return
+	}
+
+	err = models.SavedViewDel(rt.Ctx, id)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) savedViewFavoriteAdd(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+	me := c.MustGet("user").(*models.User)
+
+	err := models.UserViewFavoriteAdd(rt.Ctx, id, me.Id)
+	ginx.NewRender(c).Message(err)
+}
+
+func (rt *Router) savedViewFavoriteDel(c *gin.Context) {
+	id := ginx.UrlParamInt64(c, "id")
+	me := c.MustGet("user").(*models.User)
+
+	err := models.UserViewFavoriteDel(rt.Ctx, id, me.Id)
+	ginx.NewRender(c).Message(err)
+}

center/router/router_target.go

@@ -11,6 +11,7 @@ import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/strx"
+	"github.com/ccfos/nightingale/v6/pushgw/idents"
 	"github.com/ccfos/nightingale/v6/storage"
 
 	"github.com/gin-gonic/gin"
@@ -601,3 +602,10 @@ func (rt *Router) targetsOfHostQuery(c *gin.Context) {
 
 	ginx.NewRender(c).Data(lst, nil)
 }
+
+func (rt *Router) targetUpdate(c *gin.Context) {
+	var f idents.TargetUpdate
+	ginx.BindJSON(c, &f)
+
+	ginx.NewRender(c).Message(rt.IdentSet.UpdateTargets(f.Lst, f.Now))
+}

center/router/router_user.go

@@ -1,6 +1,7 @@
 package router
 
 import (
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -12,6 +13,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
+	"gorm.io/gorm"
 )
 
 func (rt *Router) userBusiGroupsGets(c *gin.Context) {
@@ -233,6 +235,16 @@ func (rt *Router) userDel(c *gin.Context) {
 		return
 	}
 
+	// 如果要删除的用户是 admin 角色，检查是否是最后一个 admin
+	if target.IsAdmin() {
+		adminCount, err := models.CountAdminUsers(rt.Ctx)
+		ginx.Dangerous(err)
+
+		if adminCount <= 1 {
+			ginx.Bomb(http.StatusBadRequest, "Cannot delete the last admin user")
+		}
+	}
+
 	ginx.NewRender(c).Message(target.Del(rt.Ctx))
 }
 
@@ -252,3 +264,210 @@ func (rt *Router) installDateGet(c *gin.Context) {
 
 	ginx.NewRender(c).Data(rootUser.CreateAt, nil)
 }
+
+// usersPhoneEncrypt 统一手机号加密
+func (rt *Router) usersPhoneEncrypt(c *gin.Context) {
+	users, err := models.UserGetAll(rt.Ctx)
+	if err != nil {
+		ginx.NewRender(c).Message(fmt.Errorf("get users failed: %v", err))
+		return
+	}
+
+	// 获取RSA密钥
+	_, publicKey, _, err := models.GetRSAKeys(rt.Ctx)
+	if err != nil {
+		ginx.NewRender(c).Message(fmt.Errorf("get RSA keys failed: %v", err))
+		return
+	}
+
+	// 先启用手机号加密功能
+	err = models.SetPhoneEncryptionEnabled(rt.Ctx, true)
+	if err != nil {
+		ginx.NewRender(c).Message(fmt.Errorf("enable phone encryption failed: %v", err))
+		return
+	}
+
+	// 刷新配置缓存
+	err = models.RefreshPhoneEncryptionCache(rt.Ctx)
+	if err != nil {
+		logger.Errorf("Failed to refresh phone encryption cache: %v", err)
+		// 回滚配置
+		models.SetPhoneEncryptionEnabled(rt.Ctx, false)
+		ginx.NewRender(c).Message(fmt.Errorf("refresh cache failed: %v", err))
+		return
+	}
+
+	successCount := 0
+	failCount := 0
+	var failedUsers []string
+
+	// 使用事务处理所有用户的手机号加密
+	err = models.DB(rt.Ctx).Transaction(func(tx *gorm.DB) error {
+		// 对每个用户的手机号进行加密
+		for _, user := range users {
+			if user.Phone == "" {
+				continue
+			}
+
+			if isPhoneEncrypted(user.Phone) {
+				continue
+			}
+
+			encryptedPhone, err := secu.EncryptValue(user.Phone, publicKey)
+			if err != nil {
+				logger.Errorf("Failed to encrypt phone for user %s: %v", user.Username, err)
+				failCount++
+				failedUsers = append(failedUsers, user.Username)
+				continue
+			}
+
+			err = tx.Model(&models.User{}).Where("id = ?", user.Id).Update("phone", encryptedPhone).Error
+			if err != nil {
+				logger.Errorf("Failed to update phone for user %s: %v", user.Username, err)
+				failCount++
+				failedUsers = append(failedUsers, user.Username)
+				continue
+			}
+
+			successCount++
+			logger.Debugf("Successfully encrypted phone for user %s", user.Username)
+		}
+
+		// 如果有失败的用户，回滚事务
+		if failCount > 0 {
+			return fmt.Errorf("encrypt failed users: %d, failed users: %v", failCount, failedUsers)
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		// 加密失败，回滚配置
+		models.SetPhoneEncryptionEnabled(rt.Ctx, false)
+		models.RefreshPhoneEncryptionCache(rt.Ctx)
+		ginx.NewRender(c).Message(fmt.Errorf("encrypt phone failed: %v", err))
+		return
+	}
+
+	ginx.NewRender(c).Data(gin.H{
+		"success_count": successCount,
+		"fail_count":    failCount,
+	}, nil)
+}
+
+func (rt *Router) usersPhoneDecryptRefresh(c *gin.Context) {
+	err := models.RefreshPhoneEncryptionCache(rt.Ctx)
+	if err != nil {
+		ginx.NewRender(c).Message(fmt.Errorf("refresh phone encryption cache failed: %v", err))
+		return
+	}
+
+	ginx.NewRender(c).Message(nil)
+}
+
+// usersPhoneDecrypt 统一手机号解密
+func (rt *Router) usersPhoneDecrypt(c *gin.Context) {
+	// 先关闭手机号加密功能
+	err := models.SetPhoneEncryptionEnabled(rt.Ctx, false)
+	if err != nil {
+		ginx.NewRender(c).Message(fmt.Errorf("disable phone encryption failed: %v", err))
+		return
+	}
+
+	// 刷新配置缓存
+	err = models.RefreshPhoneEncryptionCache(rt.Ctx)
+	if err != nil {
+		logger.Errorf("Failed to refresh phone encryption cache: %v", err)
+		// 回滚配置
+		models.SetPhoneEncryptionEnabled(rt.Ctx, true)
+		ginx.NewRender(c).Message(fmt.Errorf("refresh cache failed: %v", err))
+		return
+	}
+
+	// 获取所有用户（此时加密开关已关闭，直接读取数据库原始数据）
+	var users []*models.User
+	err = models.DB(rt.Ctx).Find(&users).Error
+	if err != nil {
+		// 回滚配置
+		models.SetPhoneEncryptionEnabled(rt.Ctx, true)
+		models.RefreshPhoneEncryptionCache(rt.Ctx)
+		ginx.NewRender(c).Message(fmt.Errorf("get users failed: %v", err))
+		return
+	}
+
+	// 获取RSA密钥
+	privateKey, _, password, err := models.GetRSAKeys(rt.Ctx)
+	if err != nil {
+		// 回滚配置
+		models.SetPhoneEncryptionEnabled(rt.Ctx, true)
+		models.RefreshPhoneEncryptionCache(rt.Ctx)
+		ginx.NewRender(c).Message(fmt.Errorf("get RSA keys failed: %v", err))
+		return
+	}
+
+	successCount := 0
+	failCount := 0
+	var failedUsers []string
+
+	// 使用事务处理所有用户的手机号解密
+	err = models.DB(rt.Ctx).Transaction(func(tx *gorm.DB) error {
+		// 对每个用户的手机号进行解密
+		for _, user := range users {
+			if user.Phone == "" {
+				continue
+			}
+
+			// 检查是否是加密的手机号
+			if !isPhoneEncrypted(user.Phone) {
+				continue
+			}
+
+			// 对手机号进行解密
+			decryptedPhone, err := secu.Decrypt(user.Phone, privateKey, password)
+			if err != nil {
+				logger.Errorf("Failed to decrypt phone for user %s: %v", user.Username, err)
+				failCount++
+				failedUsers = append(failedUsers, user.Username)
+				continue
+			}
+
+			// 直接更新数据库中的手机号字段（绕过GORM钩子）
+			err = tx.Model(&models.User{}).Where("id = ?", user.Id).Update("phone", decryptedPhone).Error
+			if err != nil {
+				logger.Errorf("Failed to update phone for user %s: %v", user.Username, err)
+				failCount++
+				failedUsers = append(failedUsers, user.Username)
+				continue
+			}
+
+			successCount++
+			logger.Debugf("Successfully decrypted phone for user %s", user.Username)
+		}
+
+		// 如果有失败的用户，回滚事务
+		if failCount > 0 {
+			return fmt.Errorf("decrypt failed users: %d, failed users: %v", failCount, failedUsers)
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		// 解密失败，回滚配置
+		models.SetPhoneEncryptionEnabled(rt.Ctx, true)
+		models.RefreshPhoneEncryptionCache(rt.Ctx)
+		ginx.NewRender(c).Message(fmt.Errorf("decrypt phone failed: %v", err))
+		return
+	}
+
+	ginx.NewRender(c).Data(gin.H{
+		"success_count": successCount,
+		"fail_count":    failCount,
+	}, nil)
+}
+
+// isPhoneEncrypted 检查手机号是否已经加密
+func isPhoneEncrypted(phone string) bool {
+	// 检查是否有 "enc:" 前缀标记
+	return len(phone) > 4 && phone[:4] == "enc:"
+}

center/sso/init.go

@@ -1,6 +1,7 @@
 package sso
 
 import (
+	"encoding/json"
 	"fmt"
 	"log"
 	"time"
@@ -10,6 +11,7 @@ import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/cas"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/dingtalk"
 	"github.com/ccfos/nightingale/v6/pkg/ldapx"
 	"github.com/ccfos/nightingale/v6/pkg/oauth2x"
 	"github.com/ccfos/nightingale/v6/pkg/oidcx"
@@ -24,6 +26,7 @@ type SsoClient struct {
 	LDAP                 *ldapx.SsoClient
 	CAS                  *cas.SsoClient
 	OAuth2               *oauth2x.SsoClient
+	DingTalk             *dingtalk.SsoClient
 	LastUpdateTime       int64
 	configCache          *memsto.ConfigCache
 	configLastUpdateTime int64
@@ -193,6 +196,13 @@ func Init(center cconf.Center, ctx *ctx.Context, configCache *memsto.ConfigCache
 				log.Fatalln("init oauth2 failed:", err)
 			}
 			ssoClient.OAuth2 = oauth2x.New(config)
+		case dingtalk.SsoTypeName:
+			var config dingtalk.Config
+			err := json.Unmarshal([]byte(cfg.Content), &config)
+			if err != nil {
+				log.Fatalf("init %s failed: %s", dingtalk.SsoTypeName, err)
+			}
+			ssoClient.DingTalk = dingtalk.New(config)
 		}
 	}
 
@@ -218,7 +228,9 @@ func (s *SsoClient) reload(ctx *ctx.Context) error {
 		return err
 	}
 	userVariableMap := s.configCache.Get()
+	ssoConfigMap := make(map[string]models.SsoConfig, 0)
 	for _, cfg := range configs {
+		ssoConfigMap[cfg.Name] = cfg
 		cfg.Content = tplx.ReplaceTemplateUseText(cfg.Name, cfg.Content, userVariableMap)
 		switch cfg.Name {
 		case "LDAP":
@@ -259,9 +271,26 @@ func (s *SsoClient) reload(ctx *ctx.Context) error {
 				continue
 			}
 			s.OAuth2.Reload(config)
+
 		}
 	}
 
+	if dingTalkConfig, ok := ssoConfigMap[dingtalk.SsoTypeName]; ok {
+		var config dingtalk.Config
+		err := json.Unmarshal([]byte(dingTalkConfig.Content), &config)
+		if err != nil {
+			logger.Warningf("reload %s failed: %s", dingtalk.SsoTypeName, err)
+		} else {
+			if s.DingTalk != nil {
+				s.DingTalk.Reload(config)
+			} else {
+				s.DingTalk = dingtalk.New(config)
+			}
+		}
+	} else {
+		s.DingTalk = nil
+	}
+
 	s.LastUpdateTime = lastUpdateTime
 	s.configLastUpdateTime = lastCacheUpdateTime
 	return nil

cli/upgrade/upgrade.go

@@ -37,7 +37,7 @@ func Upgrade(configFile string) error {
 			}
 		}
 
-		authJosn := models.Auth{
+		authJson := models.Auth{
 			BasicAuthUser:     cluster.BasicAuthUser,
 			BasicAuthPassword: cluster.BasicAuthPass,
 		}
@@ -53,18 +53,18 @@ func Upgrade(configFile string) error {
 			Headers:             header,
 		}
 
-		datasrouce := models.Datasource{
+		datasource := models.Datasource{
 			PluginId:       1,
 			PluginType:     "prometheus",
 			PluginTypeName: "Prometheus Like",
 			Name:           cluster.Name,
 			HTTPJson:       httpJson,
-			AuthJson:       authJosn,
+			AuthJson:       authJson,
 			ClusterName:    "default",
 			Status:         "enabled",
 		}
 
-		err = datasrouce.Add(ctx)
+		err = datasource.Add(ctx)
 		if err != nil {
 			logger.Errorf("add datasource %s error: %v", cluster.Name, err)
 		}

cmd/edge/edge.go

@@ -85,7 +85,7 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 		externalProcessors := process.NewExternalProcessors()
 
 		alert.Start(config.Alert, config.Pushgw, syncStats, alertStats, externalProcessors, targetCache, busiGroupCache, alertMuteCache,
-			alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache)
+			alertRuleCache, notifyConfigCache, taskTplsCache, dsCache, ctx, promClients, userCache, userGroupCache, notifyRuleCache, notifyChannelCache, messageTemplateCache, configCvalCache)
 
 		alertrtRouter := alertrt.New(config.HTTP, config.Alert, alertMuteCache, targetCache, busiGroupCache, alertStats, ctx, externalProcessors)
 

cron/clean_notify_record.go

@@ -12,7 +12,7 @@ import (
 
 func cleanNotifyRecord(ctx *ctx.Context, day int) {
 	lastWeek := time.Now().Unix() - 86400*int64(day)
-	err := models.DB(ctx).Model(&models.NotificaitonRecord{}).Where("created_at < ?", lastWeek).Delete(&models.NotificaitonRecord{}).Error
+	err := models.DB(ctx).Model(&models.NotificationRecord{}).Where("created_at < ?", lastWeek).Delete(&models.NotificationRecord{}).Error
 	if err != nil {
 		logger.Errorf("Failed to clean notify record: %v", err)
 	}

datasource/commons/eslike/eslike.go

@@ -10,14 +10,26 @@ import (
 
 	"github.com/araddon/dateparse"
 	"github.com/bitly/go-simplejson"
-	"github.com/ccfos/nightingale/v6/memsto"
-	"github.com/ccfos/nightingale/v6/models"
 	"github.com/mitchellh/mapstructure"
 	"github.com/olivere/elastic/v7"
 	"github.com/prometheus/common/model"
 	"github.com/toolkits/pkg/logger"
+
+	"github.com/ccfos/nightingale/v6/memsto"
+	"github.com/ccfos/nightingale/v6/models"
 )
 
+type FixedField string
+
+const (
+	FieldIndex FixedField = "_index"
+	FieldId    FixedField = "_id"
+)
+
+// LabelSeparator 用于分隔多个标签的分隔符
+// 使用 ASCII 控制字符 Record Separator (0x1E)，避免与用户数据中的 "--" 冲突
+const LabelSeparator = "\x1e"
+
 type Query struct {
 	Ref            string     `json:"ref" mapstructure:"ref"`
 	IndexType      string     `json:"index_type" mapstructure:"index_type"` // 普通索引:index 索引模式:index_pattern
@@ -37,6 +49,18 @@ type Query struct {
 
 	Timeout  int `json:"timeout" mapstructure:"timeout"`
 	MaxShard int `json:"max_shard" mapstructure:"max_shard"`
+
+	SearchAfter *SearchAfter `json:"search_after" mapstructure:"search_after"`
+}
+
+type SortField struct {
+	Field     string `json:"field" mapstructure:"field"`
+	Ascending bool   `json:"ascending" mapstructure:"ascending"`
+}
+
+type SearchAfter struct {
+	SortFields  []SortField   `json:"sort_fields" mapstructure:"sort_fields"`   // 指定排序字段, 一般是timestamp:desc, _index:asc, _id:asc 三者组合，构成唯一的排序字段
+	SearchAfter []interface{} `json:"search_after" mapstructure:"search_after"` // 指定排序字段的搜索值，搜索值必须和sort_fields的顺序一致，为上一次查询的最后一条日志的值
 }
 
 type MetricAggr struct {
@@ -64,9 +88,9 @@ type QueryFieldsFunc func(indices []string) ([]string, error)
 type GroupByCate string
 
 const (
-	Filters  GroupByCate = "filters"
-	Histgram GroupByCate = "histgram"
-	Terms    GroupByCate = "terms"
+	Filters   GroupByCate = "filters"
+	Histogram GroupByCate = "histogram"
+	Terms     GroupByCate = "terms"
 )
 
 // 参数
@@ -108,7 +132,7 @@ func TransferData(metric, ref string, m map[string][][]float64) []models.DataRes
 		}
 
 		data.Metric["__name__"] = model.LabelValue(metric)
-		labels := strings.Split(k, "--")
+		labels := strings.Split(k, LabelSeparator)
 		for _, label := range labels {
 			arr := strings.SplitN(label, "=", 2)
 			if len(arr) == 2 {
@@ -158,7 +182,7 @@ func getUnixTs(timeStr string) int64 {
 	return parsedTime.UnixMilli()
 }
 
-func GetBuckts(labelKey string, keys []string, arr []interface{}, metrics *MetricPtr, labels string, ts int64, f string) {
+func GetBuckets(labelKey string, keys []string, arr []interface{}, metrics *MetricPtr, labels string, ts int64, f string) {
 	var err error
 	bucketsKey := ""
 	if len(keys) > 0 {
@@ -177,7 +201,7 @@ func GetBuckts(labelKey string, keys []string, arr []interface{}, metrics *Metri
 		case json.Number, string:
 			if !getTs {
 				if labels != "" {
-					newlabels = fmt.Sprintf("%s--%s=%v", labels, labelKey, keyValue)
+					newlabels = fmt.Sprintf("%s%s%s=%v", labels, LabelSeparator, labelKey, keyValue)
 				} else {
 					newlabels = fmt.Sprintf("%s=%v", labelKey, keyValue)
 				}
@@ -206,9 +230,9 @@ func GetBuckts(labelKey string, keys []string, arr []interface{}, metrics *Metri
 		nextBucketsArr, exists := innerBuckets.(map[string]interface{})["buckets"]
 		if exists {
 			if len(keys[1:]) >= 1 {
-				GetBuckts(bucketsKey, keys[1:], nextBucketsArr.([]interface{}), metrics, newlabels, ts, f)
+				GetBuckets(bucketsKey, keys[1:], nextBucketsArr.([]interface{}), metrics, newlabels, ts, f)
 			} else {
-				GetBuckts(bucketsKey, []string{}, nextBucketsArr.([]interface{}), metrics, newlabels, ts, f)
+				GetBuckets(bucketsKey, []string{}, nextBucketsArr.([]interface{}), metrics, newlabels, ts, f)
 			}
 		} else {
 
@@ -385,7 +409,7 @@ func QueryData(ctx context.Context, queryParam interface{}, cliTimeout int64, ve
 	}
 
 	q.Gte(time.Unix(start, 0).UnixMilli())
-	q.Lte(time.Unix(end, 0).UnixMilli())
+	q.Lt(time.Unix(end, 0).UnixMilli())
 	q.Format("epoch_millis")
 
 	field := param.MetricAggr.Field
@@ -421,10 +445,32 @@ func QueryData(ctx context.Context, queryParam interface{}, cliTimeout int64, ve
 		Field(param.DateField).
 		MinDocCount(1)
 
-	if strings.HasPrefix(version, "7") {
+	versionParts := strings.Split(version, ".")
+	major := 0
+	if len(versionParts) > 0 {
+		if m, err := strconv.Atoi(versionParts[0]); err == nil {
+			major = m
+		}
+	}
+	minor := 0
+	if len(versionParts) > 1 {
+		if m, err := strconv.Atoi(versionParts[1]); err == nil {
+			minor = m
+		}
+	}
+
+	if major >= 7 {
 		// 添加偏移量，使第一个分桶bucket的左边界对齐为 start 时间
 		offset := (start % param.Interval) - param.Interval
-		tsAggr.FixedInterval(fmt.Sprintf("%ds", param.Interval)).Offset(fmt.Sprintf("%ds", offset))
+
+		// 使用 fixed_interval 的条件：ES 7.2+ 或者任何 major > 7（例如 ES8）
+		if (major > 7) || (major == 7 && minor >= 2) {
+			// ES 7.2+ 以及 ES8+ 使用 fixed_interval
+			tsAggr.FixedInterval(fmt.Sprintf("%ds", param.Interval)).Offset(fmt.Sprintf("%ds", offset))
+		} else {
+			// 7.0-7.1 使用 interval（带 offset）
+			tsAggr.Interval(fmt.Sprintf("%ds", param.Interval)).Offset(fmt.Sprintf("%ds", offset))
+		}
 	} else {
 		// 兼容 7.0 以下的版本
 		// OpenSearch 也使用这个字段
@@ -451,7 +497,7 @@ func QueryData(ctx context.Context, queryParam interface{}, cliTimeout int64, ve
 			} else {
 				groupByAggregation = elastic.NewTermsAggregation().Field(groupBy.Field).OrderByKeyDesc().Size(groupBy.Size).MinDocCount(int(groupBy.MinDocCount))
 			}
-		case Histgram:
+		case Histogram:
 			if param.MetricAggr.Func != "count" {
 				groupByAggregation = elastic.NewHistogramAggregation().Field(groupBy.Field).Interval(float64(groupBy.Interval)).SubAggregation(field, aggr)
 			} else {
@@ -481,7 +527,7 @@ func QueryData(ctx context.Context, queryParam interface{}, cliTimeout int64, ve
 			switch groupBy.Cate {
 			case Terms:
 				groupByAggregation = elastic.NewTermsAggregation().Field(groupBy.Field).SubAggregation(groupBys[i-1].Field, groupByAggregation).OrderByKeyDesc().Size(groupBy.Size).MinDocCount(int(groupBy.MinDocCount))
-			case Histgram:
+			case Histogram:
 				groupByAggregation = elastic.NewHistogramAggregation().Field(groupBy.Field).Interval(float64(groupBy.Interval)).SubAggregation(groupBys[i-1].Field, groupByAggregation)
 			case Filters:
 				for _, filterParam := range groupBy.Params {
@@ -542,7 +588,7 @@ func QueryData(ctx context.Context, queryParam interface{}, cliTimeout int64, ve
 
 	metrics := &MetricPtr{Data: make(map[string][][]float64)}
 
-	GetBuckts("", keys, bucketsData, metrics, "", 0, param.MetricAggr.Func)
+	GetBuckets("", keys, bucketsData, metrics, "", 0, param.MetricAggr.Func)
 
 	items, err := TransferData(fmt.Sprintf("%s_%s", field, param.MetricAggr.Func), param.Ref, metrics.Data), nil
 
@@ -590,8 +636,8 @@ func QueryLog(ctx context.Context, queryParam interface{}, timeout int64, versio
 	now := time.Now().Unix()
 	var start, end int64
 	if param.End != 0 && param.Start != 0 {
-		end = param.End - param.End%param.Interval
-		start = param.Start - param.Start%param.Interval
+		end = param.End
+		start = param.Start
 	} else {
 		end = now
 		start = end - param.Interval
@@ -599,7 +645,7 @@ func QueryLog(ctx context.Context, queryParam interface{}, timeout int64, versio
 
 	q := elastic.NewRangeQuery(param.DateField)
 	q.Gte(time.Unix(start, 0).UnixMilli())
-	q.Lte(time.Unix(end, 0).UnixMilli())
+	q.Lt(time.Unix(end, 0).UnixMilli())
 	q.Format("epoch_millis")
 
 	queryString := GetQueryString(param.Filter, q)
@@ -611,14 +657,27 @@ func QueryLog(ctx context.Context, queryParam interface{}, timeout int64, versio
 	if param.MaxShard < 1 {
 		param.MaxShard = maxShard
 	}
-
+	// from+size 分页方式获取日志，受es 的max_result_window参数限制，默认最多返回1w条日志, 可以使用search_after方式获取更多日志
 	source := elastic.NewSearchSource().
 		TrackTotalHits(true).
 		Query(queryString).
-		From(param.P).
-		Size(param.Limit).
-		Sort(param.DateField, param.Ascending)
-
+		Size(param.Limit)
+	// 是否使用search_after方式
+	if param.SearchAfter != nil {
+		// 设置默认排序字段
+		if len(param.SearchAfter.SortFields) == 0 {
+			source = source.Sort(param.DateField, param.Ascending).Sort(string(FieldIndex), true).Sort(string(FieldId), true)
+		} else {
+			for _, field := range param.SearchAfter.SortFields {
+				source = source.Sort(field.Field, field.Ascending)
+			}
+		}
+		if len(param.SearchAfter.SearchAfter) > 0 {
+			source = source.SearchAfter(param.SearchAfter.SearchAfter...)
+		}
+	} else {
+		source = source.From(param.P).Sort(param.DateField, param.Ascending)
+	}
 	result, err := search(ctx, indexArr, source, param.Timeout, param.MaxShard)
 	if err != nil {
 		logger.Warningf("query data error:%v", err)
@@ -640,7 +699,7 @@ func QueryLog(ctx context.Context, queryParam interface{}, timeout int64, versio
 			var x map[string]interface{}
 			err := json.Unmarshal(result.Hits.Hits[i].Source, &x)
 			if err != nil {
-				logger.Warningf("Unmarshal soruce error:%v", err)
+				logger.Warningf("Unmarshal source error:%v", err)
 				continue
 			}
 

datasource/datasource.go

@@ -67,11 +67,18 @@ func init() {
 		PluginType:     "pgsql",
 		PluginTypeName: "PostgreSQL",
 	}
+
+	DatasourceTypes[7] = DatasourceType{
+		Id:             7,
+		Category:       "logging",
+		PluginType:     "victorialogs",
+		PluginTypeName: "VictoriaLogs",
+	}
 }
 
-type NewDatasrouceFn func(settings map[string]interface{}) (Datasource, error)
+type NewDatasourceFn func(settings map[string]interface{}) (Datasource, error)
 
-var datasourceRegister = map[string]NewDatasrouceFn{}
+var datasourceRegister = map[string]NewDatasourceFn{}
 
 type Datasource interface {
 	Init(settings map[string]interface{}) (Datasource, error) // 初始化配置

datasource/doris/doris.go

@@ -4,12 +4,13 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"
 
 	"github.com/ccfos/nightingale/v6/datasource"
 	"github.com/ccfos/nightingale/v6/dskit/doris"
 	"github.com/ccfos/nightingale/v6/dskit/types"
-	"github.com/ccfos/nightingale/v6/pkg/macros"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/macros"
 
 	"github.com/mitchellh/mapstructure"
 	"github.com/toolkits/pkg/logger"
@@ -38,6 +39,8 @@ type QueryParam struct {
 	To         int64           `json:"to" mapstructure:"to"`
 	TimeField  string          `json:"time_field" mapstructure:"time_field"`
 	TimeFormat string          `json:"time_format" mapstructure:"time_format"`
+	Interval   int64           `json:"interval" mapstructure:"interval"` // 查询时间间隔（秒）
+	Offset     int             `json:"offset" mapstructure:"offset"`     // 延迟计算，不在使用通用配置delay
 }
 
 func (d *Doris) InitClient() error {
@@ -146,13 +149,46 @@ func (d *Doris) QueryData(ctx context.Context, query interface{}) ([]models.Data
 		return nil, fmt.Errorf("valueKey is required")
 	}
 
-	items, err := d.QueryTimeseries(context.TODO(), &doris.QueryParam{
+	// 设置默认 interval
+	if dorisQueryParam.Interval == 0 {
+		dorisQueryParam.Interval = 60
+	}
+
+	// 计算时间范围
+	now := time.Now().Unix()
+	var start, end int64
+	if dorisQueryParam.To != 0 && dorisQueryParam.From != 0 {
+		end = dorisQueryParam.To
+		start = dorisQueryParam.From
+	} else {
+		end = now
+		start = end - dorisQueryParam.Interval
+	}
+
+	if dorisQueryParam.Offset != 0 {
+		end -= int64(dorisQueryParam.Offset)
+		start -= int64(dorisQueryParam.Offset)
+	}
+
+	dorisQueryParam.From = start
+	dorisQueryParam.To = end
+
+	if strings.Contains(dorisQueryParam.SQL, "$__") {
+		var err error
+		dorisQueryParam.SQL, err = macros.Macro(dorisQueryParam.SQL, dorisQueryParam.From, dorisQueryParam.To)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	items, err := d.QueryTimeseries(ctx, &doris.QueryParam{
 		Database: dorisQueryParam.Database,
 		Sql:      dorisQueryParam.SQL,
 		Keys: types.Keys{
 			ValueKey: dorisQueryParam.Keys.ValueKey,
 			LabelKey: dorisQueryParam.Keys.LabelKey,
 			TimeKey:  dorisQueryParam.Keys.TimeKey,
+			Offset:   dorisQueryParam.Offset,
 		},
 	})
 	if err != nil {
@@ -180,6 +216,18 @@ func (d *Doris) QueryLog(ctx context.Context, query interface{}) ([]interface{},
 		return nil, 0, err
 	}
 
+	// 记录规则预览场景下，只传了interval, 没有传From和To
+	now := time.Now().Unix()
+	if dorisQueryParam.To == 0 && dorisQueryParam.From == 0 && dorisQueryParam.Interval != 0 {
+		dorisQueryParam.To = now
+		dorisQueryParam.From = now - dorisQueryParam.Interval
+	}
+
+	if dorisQueryParam.Offset != 0 {
+		dorisQueryParam.To -= int64(dorisQueryParam.Offset)
+		dorisQueryParam.From -= int64(dorisQueryParam.Offset)
+	}
+
 	if strings.Contains(dorisQueryParam.SQL, "$__") {
 		var err error
 		dorisQueryParam.SQL, err = macros.Macro(dorisQueryParam.SQL, dorisQueryParam.From, dorisQueryParam.To)

datasource/es/es.go

@@ -106,6 +106,10 @@ func (e *Elasticsearch) InitClient() error {
 	options = append(options, elastic.SetHealthcheck(false))
 
 	e.Client, err = elastic.NewClient(options...)
+	if err != nil {
+		return err
+	}
+
 	return err
 }
 
@@ -167,10 +171,6 @@ func (e *Elasticsearch) Validate(ctx context.Context) (err error) {
 		e.Timeout = 60000
 	}
 
-	if !strings.HasPrefix(e.Version, "6") && !strings.HasPrefix(e.Version, "7") {
-		return fmt.Errorf("version must be 6.0+ or 7.0+")
-	}
-
 	return nil
 }
 
@@ -183,7 +183,6 @@ func (e *Elasticsearch) MakeTSQuery(ctx context.Context, query interface{}, even
 }
 
 func (e *Elasticsearch) QueryData(ctx context.Context, queryParam interface{}) ([]models.DataResp, error) {
-
 	search := func(ctx context.Context, indices []string, source interface{}, timeout int, maxShard int) (*elastic.SearchResult, error) {
 		return e.Client.Search().
 			Index(indices...).
@@ -193,7 +192,6 @@ func (e *Elasticsearch) QueryData(ctx context.Context, queryParam interface{}) (
 			MaxConcurrentShardRequests(maxShard).
 			Do(ctx)
 	}
-
 	return eslike.QueryData(ctx, queryParam, e.Timeout, e.Version, search)
 }
 
@@ -203,9 +201,9 @@ func (e *Elasticsearch) QueryIndices() ([]string, error) {
 	return result, err
 }
 
-func (e *Elasticsearch) QueryFields(indexs []string) ([]string, error) {
+func (e *Elasticsearch) QueryFields(indexes []string) ([]string, error) {
 	var fields []string
-	result, err := elastic.NewGetFieldMappingService(e.Client).Index(indexs...).IgnoreUnavailable(true).Do(context.Background())
+	result, err := elastic.NewGetFieldMappingService(e.Client).Index(indexes...).IgnoreUnavailable(true).Do(context.Background())
 	if err != nil {
 		return fields, err
 	}
@@ -223,7 +221,7 @@ func (e *Elasticsearch) QueryFields(indexs []string) ([]string, error) {
 							continue
 						}
 
-						if _, exsits := fieldMap[kk]; !exsits {
+						if _, exists := fieldMap[kk]; !exists {
 							fieldMap[kk] = struct{}{}
 							fields = append(fields, kk)
 						}
@@ -235,7 +233,7 @@ func (e *Elasticsearch) QueryFields(indexs []string) ([]string, error) {
 						continue
 					}
 
-					if _, exsits := fieldMap[k]; !exsits {
+					if _, exists := fieldMap[k]; !exists {
 						fieldMap[k] = struct{}{}
 						fields = append(fields, k)
 					}
@@ -275,11 +273,11 @@ func (e *Elasticsearch) QueryLog(ctx context.Context, queryParam interface{}) ([
 	return eslike.QueryLog(ctx, queryParam, e.Timeout, e.Version, e.MaxShard, search)
 }
 
-func (e *Elasticsearch) QueryFieldValue(indexs []string, field string, query string) ([]string, error) {
+func (e *Elasticsearch) QueryFieldValue(indexes []string, field string, query string) ([]string, error) {
 	var values []string
 	search := e.Client.Search().
 		IgnoreUnavailable(true).
-		Index(indexs...).
+		Index(indexes...).
 		Size(0)
 
 	if query != "" {
@@ -399,6 +397,9 @@ func (e *Elasticsearch) QueryMapData(ctx context.Context, query interface{}) ([]
 
 			// 将处理好的 map 添加到 m 切片中
 			result = append(result, mItem)
+			if param.Limit > 0 {
+				continue
+			}
 
 			// 只取第一条数据
 			break

datasource/opensearch/opensearch.go

@@ -100,7 +100,8 @@ func (os *OpenSearch) InitClient() error {
 		Header:    headers,
 	}
 
-	if os.Basic.Enable && os.Basic.Username != "" {
+	// 只要有用户名就添加认证，不依赖 Enable 字段
+	if os.Basic.Username != "" {
 		options.Username = os.Basic.Username
 		options.Password = os.Basic.Password
 	}
@@ -154,8 +155,9 @@ func (os *OpenSearch) Validate(ctx context.Context) (err error) {
 		}
 	}
 
-	if os.Basic.Enable && (len(os.Basic.Username) == 0 || len(os.Basic.Password) == 0) {
-		return fmt.Errorf("need a valid user, password")
+	// 如果提供了用户名，必须同时提供密码
+	if len(os.Basic.Username) > 0 && len(os.Basic.Password) == 0 {
+		return fmt.Errorf("password is required when username is provided")
 	}
 
 	if os.MaxShard == 0 {
@@ -367,7 +369,7 @@ func (os *OpenSearch) QueryLog(ctx context.Context, queryParam interface{}) ([]i
 	return eslike.QueryLog(ctx, queryParam, os.Timeout, os.Version, 0, search)
 }
 
-func (os *OpenSearch) QueryFieldValue(indexs []string, field string, query string) ([]string, error) {
+func (os *OpenSearch) QueryFieldValue(indexes []string, field string, query string) ([]string, error) {
 	var values []string
 	source := elastic.NewSearchSource().
 		Size(0)
@@ -377,7 +379,7 @@ func (os *OpenSearch) QueryFieldValue(indexs []string, field string, query strin
 	}
 	source = source.Aggregation("distinct", elastic.NewTermsAggregation().Field(field).Size(10000))
 
-	result, err := search(context.Background(), indexs, source, 0, os.Client)
+	result, err := search(context.Background(), indexes, source, 0, os.Client)
 	if err != nil {
 		return values, err
 	}

datasource/victorialogs/victorialogs.go

@@ -0,0 +1,339 @@
+package victorialogs
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"reflect"
+	"strconv"
+	"time"
+
+	"github.com/ccfos/nightingale/v6/datasource"
+	"github.com/ccfos/nightingale/v6/dskit/victorialogs"
+	"github.com/ccfos/nightingale/v6/models"
+
+	"github.com/mitchellh/mapstructure"
+	"github.com/prometheus/common/model"
+)
+
+const (
+	VictoriaLogsType = "victorialogs"
+)
+
+// VictoriaLogs 数据源实现
+type VictoriaLogs struct {
+	victorialogs.VictoriaLogs `json:",inline" mapstructure:",squash"`
+}
+
+// Query 查询参数
+type Query struct {
+	Query string `json:"query" mapstructure:"query"` // LogsQL 查询语句
+	Start int64  `json:"start" mapstructure:"start"` // 开始时间（秒）
+	End   int64  `json:"end" mapstructure:"end"`     // 结束时间（秒）
+	Time  int64  `json:"time" mapstructure:"time"`   // 单点时间（秒）- 用于告警
+	Step  string `json:"step" mapstructure:"step"`   // 步长，如 "1m", "5m"
+	Limit int    `json:"limit" mapstructure:"limit"` // 限制返回数量
+	Ref   string `json:"ref" mapstructure:"ref"`     // 变量引用名（如 A、B）
+}
+
+// IsInstantQuery 判断是否为即时查询（告警场景）
+func (q *Query) IsInstantQuery() bool {
+	return q.Time > 0 || (q.Start >= 0 && q.Start == q.End)
+}
+
+func init() {
+	datasource.RegisterDatasource(VictoriaLogsType, new(VictoriaLogs))
+}
+
+// Init 初始化配置
+func (vl *VictoriaLogs) Init(settings map[string]interface{}) (datasource.Datasource, error) {
+	newest := new(VictoriaLogs)
+	err := mapstructure.Decode(settings, newest)
+	return newest, err
+}
+
+// InitClient 初始化客户端
+func (vl *VictoriaLogs) InitClient() error {
+	if err := vl.InitHTTPClient(); err != nil {
+		return fmt.Errorf("failed to init victorialogs http client: %w", err)
+	}
+
+	return nil
+}
+
+// Validate 参数验证
+func (vl *VictoriaLogs) Validate(ctx context.Context) error {
+	if vl.VictorialogsAddr == "" {
+		return fmt.Errorf("victorialogs.addr is required")
+	}
+
+	// 验证 URL 格式
+	_, err := url.Parse(vl.VictorialogsAddr)
+	if err != nil {
+		return fmt.Errorf("invalid victorialogs.addr: %w", err)
+	}
+
+	// 必须同时提供用户名和密码
+	if (vl.VictorialogsBasic.VictorialogsUser != "" && vl.VictorialogsBasic.VictorialogsPass == "") ||
+		(vl.VictorialogsBasic.VictorialogsUser == "" && vl.VictorialogsBasic.VictorialogsPass != "") {
+		return fmt.Errorf("both username and password must be provided")
+	}
+
+	// 设置默认值
+	if vl.Timeout == 0 {
+		vl.Timeout = 10000 // 默认 10 秒
+	}
+
+	if vl.MaxQueryRows == 0 {
+		vl.MaxQueryRows = 1000
+	}
+
+	return nil
+}
+
+// Equal 验证是否相等
+func (vl *VictoriaLogs) Equal(other datasource.Datasource) bool {
+	o, ok := other.(*VictoriaLogs)
+	if !ok {
+		return false
+	}
+
+	return vl.VictorialogsAddr == o.VictorialogsAddr &&
+		vl.VictorialogsBasic.VictorialogsUser == o.VictorialogsBasic.VictorialogsUser &&
+		vl.VictorialogsBasic.VictorialogsPass == o.VictorialogsBasic.VictorialogsPass &&
+		vl.VictorialogsTls.SkipTlsVerify == o.VictorialogsTls.SkipTlsVerify &&
+		vl.Timeout == o.Timeout &&
+		reflect.DeepEqual(vl.Headers, o.Headers)
+}
+
+// QueryLog 日志查询
+func (vl *VictoriaLogs) QueryLog(ctx context.Context, queryParam interface{}) ([]interface{}, int64, error) {
+	param := new(Query)
+	if err := mapstructure.Decode(queryParam, param); err != nil {
+		return nil, 0, fmt.Errorf("decode query param failed: %w", err)
+	}
+
+	logs, err := vl.Query(ctx, param.Query, param.Start, param.End, param.Limit)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	// 转换为 interface{} 数组
+	result := make([]interface{}, len(logs))
+	for i, log := range logs {
+		result[i] = log
+	}
+
+	// 调用 HitsLogs 获取真实的 total
+	total, err := vl.HitsLogs(ctx, param.Query, param.Start, param.End)
+	if err != nil {
+		// 如果获取 total 失败，使用当前结果数量
+		total = int64(len(logs))
+	}
+
+	return result, total, nil
+}
+
+// QueryData 指标数据查询
+func (vl *VictoriaLogs) QueryData(ctx context.Context, queryParam interface{}) ([]models.DataResp, error) {
+	param := new(Query)
+	if err := mapstructure.Decode(queryParam, param); err != nil {
+		return nil, fmt.Errorf("decode query param failed: %w", err)
+	}
+
+	// 判断使用哪个 API
+	if param.IsInstantQuery() {
+		return vl.queryDataInstant(ctx, param)
+	}
+	return vl.queryDataRange(ctx, param)
+}
+
+// queryDataInstant 告警场景，调用 /select/logsql/stats_query
+func (vl *VictoriaLogs) queryDataInstant(ctx context.Context, param *Query) ([]models.DataResp, error) {
+	queryTime := param.Time
+	if queryTime == 0 {
+		queryTime = param.End // 如果没有 time，使用 end 作为查询时间点
+	}
+	if queryTime == 0 {
+		queryTime = time.Now().Unix()
+	}
+
+	result, err := vl.StatsQuery(ctx, param.Query, queryTime)
+	if err != nil {
+		return nil, err
+	}
+
+	return convertPrometheusInstantToDataResp(result, param.Ref), nil
+}
+
+// queryDataRange 看图场景，调用 /select/logsql/stats_query_range
+func (vl *VictoriaLogs) queryDataRange(ctx context.Context, param *Query) ([]models.DataResp, error) {
+	step := param.Step
+	if step == "" {
+		// 根据时间范围计算合适的步长
+		duration := param.End - param.Start
+		if duration <= 3600 {
+			step = "1m" // 1 小时内，1 分钟步长
+		} else if duration <= 86400 {
+			step = "5m" // 1 天内，5 分钟步长
+		} else {
+			step = "1h" // 超过 1 天，1 小时步长
+		}
+	}
+
+	result, err := vl.StatsQueryRange(ctx, param.Query, param.Start, param.End, step)
+	if err != nil {
+		return nil, err
+	}
+
+	return convertPrometheusRangeToDataResp(result, param.Ref), nil
+}
+
+// convertPrometheusInstantToDataResp 将 Prometheus Instant Query 格式转换为 DataResp
+func convertPrometheusInstantToDataResp(resp *victorialogs.PrometheusResponse, ref string) []models.DataResp {
+	var dataResps []models.DataResp
+
+	for _, item := range resp.Data.Result {
+		dataResp := models.DataResp{
+			Ref: ref,
+		}
+
+		// 转换 Metric
+		dataResp.Metric = make(model.Metric)
+		for k, v := range item.Metric {
+			dataResp.Metric[model.LabelName(k)] = model.LabelValue(v)
+		}
+
+		if len(item.Value) == 2 {
+			// [timestamp, value]
+			timestamp := item.Value[0].(float64)
+			value, _ := strconv.ParseFloat(item.Value[1].(string), 64)
+
+			dataResp.Values = [][]float64{
+				{timestamp, value},
+			}
+		}
+
+		dataResps = append(dataResps, dataResp)
+	}
+
+	return dataResps
+}
+
+// convertPrometheusRangeToDataResp 将 Prometheus Range Query 格式转换为 DataResp
+func convertPrometheusRangeToDataResp(resp *victorialogs.PrometheusResponse, ref string) []models.DataResp {
+	var dataResps []models.DataResp
+
+	for _, item := range resp.Data.Result {
+		dataResp := models.DataResp{
+			Ref: ref,
+		}
+
+		// 转换 Metric
+		dataResp.Metric = make(model.Metric)
+		for k, v := range item.Metric {
+			dataResp.Metric[model.LabelName(k)] = model.LabelValue(v)
+		}
+
+		var values [][]float64
+		for _, v := range item.Values {
+			if len(v) == 2 {
+				timestamp := v[0].(float64)
+				value, _ := strconv.ParseFloat(v[1].(string), 64)
+
+				values = append(values, []float64{timestamp, value})
+			}
+		}
+
+		dataResp.Values = values
+		dataResps = append(dataResps, dataResp)
+	}
+
+	return dataResps
+}
+
+// MakeLogQuery 构造日志查询参数
+func (vl *VictoriaLogs) MakeLogQuery(ctx context.Context, query interface{}, eventTags []string, start, end int64) (interface{}, error) {
+	q := &Query{
+		Start: start,
+		End:   end,
+		Limit: 1000,
+	}
+
+	// 如果 query 是字符串，直接使用
+	if queryStr, ok := query.(string); ok {
+		q.Query = queryStr
+	} else if queryMap, ok := query.(map[string]interface{}); ok {
+		// 如果是 map，尝试提取 query 字段
+		if qStr, exists := queryMap["query"]; exists {
+			q.Query = fmt.Sprintf("%v", qStr)
+		}
+		if limit, exists := queryMap["limit"]; exists {
+			if limitInt, ok := limit.(int); ok {
+				q.Limit = limitInt
+			} else if limitFloat, ok := limit.(float64); ok {
+				q.Limit = int(limitFloat)
+			}
+		}
+	}
+
+	return q, nil
+}
+
+// MakeTSQuery 构造时序查询参数
+func (vl *VictoriaLogs) MakeTSQuery(ctx context.Context, query interface{}, eventTags []string, start, end int64) (interface{}, error) {
+	q := &Query{
+		Start: start,
+		End:   end,
+	}
+
+	// 如果 query 是字符串，直接使用
+	if queryStr, ok := query.(string); ok {
+		q.Query = queryStr
+	} else if queryMap, ok := query.(map[string]interface{}); ok {
+		// 如果是 map，提取相关字段
+		if qStr, exists := queryMap["query"]; exists {
+			q.Query = fmt.Sprintf("%v", qStr)
+		}
+		if step, exists := queryMap["step"]; exists {
+			q.Step = fmt.Sprintf("%v", step)
+		}
+	}
+
+	return q, nil
+}
+
+// QueryMapData 用于告警事件生成时获取额外数据
+func (vl *VictoriaLogs) QueryMapData(ctx context.Context, query interface{}) ([]map[string]string, error) {
+	param := new(Query)
+	if err := mapstructure.Decode(query, param); err != nil {
+		return nil, err
+	}
+
+	// 扩大查询范围，解决时间滞后问题
+	if param.End > 0 && param.Start > 0 {
+		param.Start = param.Start - 30
+	}
+
+	// 限制只取 1 条
+	param.Limit = 1
+
+	logs, _, err := vl.QueryLog(ctx, param)
+	if err != nil {
+		return nil, err
+	}
+
+	var result []map[string]string
+	for _, log := range logs {
+		if logMap, ok := log.(map[string]interface{}); ok {
+			strMap := make(map[string]string)
+			for k, v := range logMap {
+				strMap[k] = fmt.Sprintf("%v", v)
+			}
+			result = append(result, strMap)
+			break // 只取第一条
+		}
+	}
+
+	return result, nil
+}

doc/README.bak.md

@@ -120,7 +120,7 @@ Url = "http://127.0.0.1:9090/api/v1/write"
 - 补充和完善文档 => [n9e.github.io](https://n9e.github.io/)
 - 分享您在使用夜莺监控过程中的最佳实践和经验心得 => [文章分享](https://flashcat.cloud/docs/content/flashcat-monitor/nightingale/share/)
 - 提交产品建议 =》 [github issue](https://github.com/ccfos/nightingale/issues/new?assignees=&labels=kind%2Ffeature&template=enhancement.md)
-- 提交代码，让夜莺监控更快、更稳、更好用 => [github pull request](https://github.com/didi/nightingale/pulls)
+- 提交代码，让夜莺监控更快、更稳、更好用 => [github pull request](https://github.com/ccfos/nightingale/pulls)
 
 **尊重、认可和记录每一位贡献者的工作**是夜莺开源社区的第一指导原则，我们提倡**高效的提问**，这既是对开发者时间的尊重，也是对整个社区知识沉淀的贡献：
 - 提问之前请先查阅 [FAQ](https://www.gitlink.org.cn/ccfos/nightingale/wiki/faq) 
@@ -140,7 +140,7 @@ Url = "http://127.0.0.1:9090/api/v1/write"
 </a>
 
 ## License
-[Apache License V2.0](https://github.com/didi/nightingale/blob/main/LICENSE)
+[Apache License V2.0](https://github.com/ccfos/nightingale/blob/main/LICENSE)
 
 ## 加入交流群
 

doc/server-dash.json

@@ -138,7 +138,7 @@
                     "drawStyle": "lines",
                     "lineInterpolation": "smooth",
                     "fillOpacity": 0.5,
-                    "stack": "noraml"
+                    "stack": "normal"
                 },
                 "version": "2.0.0",
                 "type": "timeseries",
@@ -214,7 +214,7 @@
                     "drawStyle": "lines",
                     "lineInterpolation": "smooth",
                     "fillOpacity": 0.5,
-                    "stack": "noraml"
+                    "stack": "normal"
                 },
                 "version": "2.0.0",
                 "type": "timeseries",

docker/Dockerfile.goreleaser

@@ -5,7 +5,7 @@ WORKDIR /app
 ADD n9e /app/
 ADD etc /app/etc/
 ADD integrations /app/integrations/
-RUN pip install requests
+RUN pip install requests Jinja2
 
 EXPOSE 17000
 

docker/compose-bridge/etc-categraf/input.mysql/mysql.toml

@@ -34,7 +34,7 @@ labels = { instance="docker-compose-mysql" }
 # insecure_skip_verify = true
 
 #[[instances.queries]]
-# mesurement = "lock_wait"
+# measurement = "lock_wait"
 # metric_fields = [ "total" ]
 # timeout = "3s"
 # request = '''

docker/compose-bridge/etc-nightingale/config.toml

@@ -89,8 +89,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# enable auto migrate or not
-# EnableAutoMigrate = false
 
 [Redis]
 # address, ip:port or ip1:port,ip2:port for cluster and sentinel(SentinelAddrs)

docker/compose-bridge/etc-nightingale/metrics.yaml

@@ -53,7 +53,7 @@ zh:
   mem_huge_page_size: 每个大页的大小
   mem_huge_pages_free: 池中尚未分配的 HugePages 数量
   mem_huge_pages_total: 预留HugePages的总个数
-  mem_inactive: 空闲的内存数(包括free和avalible的内存)
+  mem_inactive: 空闲的内存数(包括free和available的内存)
   mem_low_free: 未被使用的低位大小
   mem_low_total: 低位内存总大小,低位可以达到高位内存一样的作用，而且它还能够被内核用来记录一些自己的数据结构
   mem_mapped: 设备和文件等映射的大小
@@ -105,8 +105,8 @@ zh:
   netstat_udp_mem: UDP套接字内存Page使用量
   netstat_udplite_inuse: 正在使用的 udp lite 数量
   netstat_raw_inuse: 正在使用的 raw socket 数量
-  netstat_frag_inuse: ip fragement 数量
-  netstat_frag_memory: ip fragement 已经分配的内存(byte）
+  netstat_frag_inuse: ip fragment 数量
+  netstat_frag_memory: ip fragment 已经分配的内存(byte）
 
   #[ping]
   ping_percent_packet_loss: ping数据包丢失百分比(%)
@@ -143,7 +143,7 @@ zh:
   nginx_active: 当前nginx正在处理的活动连接数,等于Reading/Writing/Waiting总和
   nginx_handled: 自nginx启动起,处理过的客户端连接总数
   nginx_reading: 正在读取HTTP请求头部的连接总数
-  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Krrp-Alive请求,该值会大于handled值
+  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Keep-Alive请求,该值会大于handled值
   nginx_upstream_check_fall: upstream_check模块检测到后端失败的次数
   nginx_upstream_check_rise: upstream_check模块对后端的检测次数
   nginx_upstream_check_status_code: 后端upstream的状态,up为1,down为0
@@ -327,7 +327,7 @@ en:
   mem_huge_page_size: "The size of each big page"
   mem_huge_pages_free: "The number of Huge Pages in the pool that have not been allocated"
   mem_huge_pages_total: "Reserve the total number of Huge Pages"
-  mem_inactive: "Free memory (including the memory of free and avalible)"
+  mem_inactive: "Free memory (including the memory of free and available)"
   mem_low_free: "Unused low size"
   mem_low_total: "The total size of the low memory memory can achieve the same role of high memory, and it can be used by the kernel to record some of its own data structure"
   mem_mapped: "The size of the mapping of equipment and files"
@@ -369,7 +369,7 @@ en:
   netstat_tcp_time_wait: "Time _ WAIT status network link number"
   netstat_udp_socket: "Number of network links in UDP status"
 
-  processes_blocked: "The number of processes in the unreprudible sleep state('U','D','L')"
+  processes_blocked: "The number of processes in the unreproducible sleep state('U','D','L')"
   processes_dead: "Number of processes in recycling('X')"
   processes_idle: "Number of idle processes hanging('I')"
   processes_paging: "Number of paging processes('P')"
@@ -397,7 +397,7 @@ en:
   nginx_active: "The current number of activity connections that Nginx is being processed is equal to Reading/Writing/Waiting"
   nginx_handled: "Starting from Nginx, the total number of client connections that have been processed"
   nginx_reading: "Reading the total number of connections on the http request header"
-  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Krrp - Alive requests, this value will be greater than the handled value"
+  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Keep-Alive requests, this value will be greater than the handled value"
   nginx_upstream_check_fall: "UPStream_CHECK module detects the number of back -end failures"
   nginx_upstream_check_rise: "UPSTREAM _ Check module to detect the number of back -end"
   nginx_upstream_check_status_code: "The state of the backstream is 1, and the down is 0"
@@ -663,7 +663,7 @@ en:
   # vmalloc已分配的内存，虚拟地址空间上的连续的内存
   node_memory_VmallocUsed_bytes: Amount of vmalloc area which is used
   # vmalloc区可用的连续最大快的大小，通过此指标可以知道vmalloc可分配连续内存的最大值
-  node_memory_VmallocChunk_bytes: Largest contigious block of vmalloc area which is free
+  node_memory_VmallocChunk_bytes: Largest contiguous block of vmalloc area which is free
   # 内存的硬件故障删除掉的内存页的总大小
   node_memory_HardwareCorrupted_bytes: Amount of RAM that the kernel identified as corrupted / not working
   # 用于在虚拟和物理内存地址之间映射的内存
@@ -700,7 +700,7 @@ en:
   # 匿名页内存大小
   node_memory_AnonPages_bytes: Memory in user pages not backed by files
   # 被关联的内存页大小
-  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mmaped, such as libraries
+  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mapped, such as libraries
   # file-backed内存页缓存大小
   node_memory_Cached_bytes: Parked file data (file content) cache
   # 系统中有多少匿名页曾经被swap-out、现在又被swap-in并且swap-in之后页面中的内容一直没发生变化

docker/compose-host-network-metric-log/etc-categraf/logs.toml

@@ -1,5 +1,5 @@
 [logs]
-## just a placholder
+## just a placeholder
 api_key = "ef4ahfbwzwwtlwfpbertgq1i6mq0ab1q"
 ## enable log collect or not
 enable = true

docker/compose-host-network-metric-log/etc-nightingale/config.toml

@@ -86,8 +86,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# enable auto migrate or not
-# EnableAutoMigrate = false
 
 [Redis]
 # address, ip:port or ip1:port,ip2:port for cluster and sentinel(SentinelAddrs)

docker/compose-host-network-metric-log/etc-nightingale/metrics.yaml

@@ -53,7 +53,7 @@ zh:
   mem_huge_page_size: 每个大页的大小
   mem_huge_pages_free: 池中尚未分配的 HugePages 数量
   mem_huge_pages_total: 预留HugePages的总个数
-  mem_inactive: 空闲的内存数(包括free和avalible的内存)
+  mem_inactive: 空闲的内存数(包括free和available的内存)
   mem_low_free: 未被使用的低位大小
   mem_low_total: 低位内存总大小,低位可以达到高位内存一样的作用，而且它还能够被内核用来记录一些自己的数据结构
   mem_mapped: 设备和文件等映射的大小
@@ -105,8 +105,8 @@ zh:
   netstat_udp_mem: UDP套接字内存Page使用量
   netstat_udplite_inuse: 正在使用的 udp lite 数量
   netstat_raw_inuse: 正在使用的 raw socket 数量
-  netstat_frag_inuse: ip fragement 数量
-  netstat_frag_memory: ip fragement 已经分配的内存(byte）
+  netstat_frag_inuse: ip fragment 数量
+  netstat_frag_memory: ip fragment 已经分配的内存(byte）
 
   #[ping]
   ping_percent_packet_loss: ping数据包丢失百分比(%)
@@ -143,7 +143,7 @@ zh:
   nginx_active: 当前nginx正在处理的活动连接数,等于Reading/Writing/Waiting总和
   nginx_handled: 自nginx启动起,处理过的客户端连接总数
   nginx_reading: 正在读取HTTP请求头部的连接总数
-  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Krrp-Alive请求,该值会大于handled值
+  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Keep-Alive请求,该值会大于handled值
   nginx_upstream_check_fall: upstream_check模块检测到后端失败的次数
   nginx_upstream_check_rise: upstream_check模块对后端的检测次数
   nginx_upstream_check_status_code: 后端upstream的状态,up为1,down为0
@@ -327,7 +327,7 @@ en:
   mem_huge_page_size: "The size of each big page"
   mem_huge_pages_free: "The number of Huge Pages in the pool that have not been allocated"
   mem_huge_pages_total: "Reserve the total number of Huge Pages"
-  mem_inactive: "Free memory (including the memory of free and avalible)"
+  mem_inactive: "Free memory (including the memory of free and available)"
   mem_low_free: "Unused low size"
   mem_low_total: "The total size of the low memory memory can achieve the same role of high memory, and it can be used by the kernel to record some of its own data structure"
   mem_mapped: "The size of the mapping of equipment and files"
@@ -369,7 +369,7 @@ en:
   netstat_tcp_time_wait: "Time _ WAIT status network link number"
   netstat_udp_socket: "Number of network links in UDP status"
 
-  processes_blocked: "The number of processes in the unreprudible sleep state('U','D','L')"
+  processes_blocked: "The number of processes in the unreproducible sleep state('U','D','L')"
   processes_dead: "Number of processes in recycling('X')"
   processes_idle: "Number of idle processes hanging('I')"
   processes_paging: "Number of paging processes('P')"
@@ -397,7 +397,7 @@ en:
   nginx_active: "The current number of activity connections that Nginx is being processed is equal to Reading/Writing/Waiting"
   nginx_handled: "Starting from Nginx, the total number of client connections that have been processed"
   nginx_reading: "Reading the total number of connections on the http request header"
-  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Krrp - Alive requests, this value will be greater than the handled value"
+  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Keep-Alive requests, this value will be greater than the handled value"
   nginx_upstream_check_fall: "UPStream_CHECK module detects the number of back -end failures"
   nginx_upstream_check_rise: "UPSTREAM _ Check module to detect the number of back -end"
   nginx_upstream_check_status_code: "The state of the backstream is 1, and the down is 0"
@@ -663,7 +663,7 @@ en:
   # vmalloc已分配的内存，虚拟地址空间上的连续的内存
   node_memory_VmallocUsed_bytes: Amount of vmalloc area which is used
   # vmalloc区可用的连续最大快的大小，通过此指标可以知道vmalloc可分配连续内存的最大值
-  node_memory_VmallocChunk_bytes: Largest contigious block of vmalloc area which is free
+  node_memory_VmallocChunk_bytes: Largest contiguous block of vmalloc area which is free
   # 内存的硬件故障删除掉的内存页的总大小
   node_memory_HardwareCorrupted_bytes: Amount of RAM that the kernel identified as corrupted / not working
   # 用于在虚拟和物理内存地址之间映射的内存
@@ -700,7 +700,7 @@ en:
   # 匿名页内存大小
   node_memory_AnonPages_bytes: Memory in user pages not backed by files
   # 被关联的内存页大小
-  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mmaped, such as libraries
+  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mapped, such as libraries
   # file-backed内存页缓存大小
   node_memory_Cached_bytes: Parked file data (file content) cache
   # 系统中有多少匿名页曾经被swap-out、现在又被swap-in并且swap-in之后页面中的内容一直没发生变化

docker/compose-host-network/etc-nightingale/config.toml

@@ -86,8 +86,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# enable auto migrate or not
-# EnableAutoMigrate = false
 
 [Redis]
 # address, ip:port or ip1:port,ip2:port for cluster and sentinel(SentinelAddrs)

docker/compose-host-network/etc-nightingale/metrics.yaml

@@ -53,7 +53,7 @@ zh:
   mem_huge_page_size: 每个大页的大小
   mem_huge_pages_free: 池中尚未分配的 HugePages 数量
   mem_huge_pages_total: 预留HugePages的总个数
-  mem_inactive: 空闲的内存数(包括free和avalible的内存)
+  mem_inactive: 空闲的内存数(包括free和available的内存)
   mem_low_free: 未被使用的低位大小
   mem_low_total: 低位内存总大小,低位可以达到高位内存一样的作用，而且它还能够被内核用来记录一些自己的数据结构
   mem_mapped: 设备和文件等映射的大小
@@ -105,8 +105,8 @@ zh:
   netstat_udp_mem: UDP套接字内存Page使用量
   netstat_udplite_inuse: 正在使用的 udp lite 数量
   netstat_raw_inuse: 正在使用的 raw socket 数量
-  netstat_frag_inuse: ip fragement 数量
-  netstat_frag_memory: ip fragement 已经分配的内存(byte）
+  netstat_frag_inuse: ip fragment 数量
+  netstat_frag_memory: ip fragment 已经分配的内存(byte）
 
   #[ping]
   ping_percent_packet_loss: ping数据包丢失百分比(%)
@@ -143,7 +143,7 @@ zh:
   nginx_active: 当前nginx正在处理的活动连接数,等于Reading/Writing/Waiting总和
   nginx_handled: 自nginx启动起,处理过的客户端连接总数
   nginx_reading: 正在读取HTTP请求头部的连接总数
-  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Krrp-Alive请求,该值会大于handled值
+  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Keep-Alive请求,该值会大于handled值
   nginx_upstream_check_fall: upstream_check模块检测到后端失败的次数
   nginx_upstream_check_rise: upstream_check模块对后端的检测次数
   nginx_upstream_check_status_code: 后端upstream的状态,up为1,down为0
@@ -327,7 +327,7 @@ en:
   mem_huge_page_size: "The size of each big page"
   mem_huge_pages_free: "The number of Huge Pages in the pool that have not been allocated"
   mem_huge_pages_total: "Reserve the total number of Huge Pages"
-  mem_inactive: "Free memory (including the memory of free and avalible)"
+  mem_inactive: "Free memory (including the memory of free and available)"
   mem_low_free: "Unused low size"
   mem_low_total: "The total size of the low memory memory can achieve the same role of high memory, and it can be used by the kernel to record some of its own data structure"
   mem_mapped: "The size of the mapping of equipment and files"
@@ -369,7 +369,7 @@ en:
   netstat_tcp_time_wait: "Time _ WAIT status network link number"
   netstat_udp_socket: "Number of network links in UDP status"
 
-  processes_blocked: "The number of processes in the unreprudible sleep state('U','D','L')"
+  processes_blocked: "The number of processes in the unreproducible sleep state('U','D','L')"
   processes_dead: "Number of processes in recycling('X')"
   processes_idle: "Number of idle processes hanging('I')"
   processes_paging: "Number of paging processes('P')"
@@ -397,7 +397,7 @@ en:
   nginx_active: "The current number of activity connections that Nginx is being processed is equal to Reading/Writing/Waiting"
   nginx_handled: "Starting from Nginx, the total number of client connections that have been processed"
   nginx_reading: "Reading the total number of connections on the http request header"
-  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Krrp - Alive requests, this value will be greater than the handled value"
+  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Keep-Alive requests, this value will be greater than the handled value"
   nginx_upstream_check_fall: "UPStream_CHECK module detects the number of back -end failures"
   nginx_upstream_check_rise: "UPSTREAM _ Check module to detect the number of back -end"
   nginx_upstream_check_status_code: "The state of the backstream is 1, and the down is 0"
@@ -663,7 +663,7 @@ en:
   # vmalloc已分配的内存，虚拟地址空间上的连续的内存
   node_memory_VmallocUsed_bytes: Amount of vmalloc area which is used
   # vmalloc区可用的连续最大快的大小，通过此指标可以知道vmalloc可分配连续内存的最大值
-  node_memory_VmallocChunk_bytes: Largest contigious block of vmalloc area which is free
+  node_memory_VmallocChunk_bytes: Largest contiguous block of vmalloc area which is free
   # 内存的硬件故障删除掉的内存页的总大小
   node_memory_HardwareCorrupted_bytes: Amount of RAM that the kernel identified as corrupted / not working
   # 用于在虚拟和物理内存地址之间映射的内存
@@ -700,7 +700,7 @@ en:
   # 匿名页内存大小
   node_memory_AnonPages_bytes: Memory in user pages not backed by files
   # 被关联的内存页大小
-  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mmaped, such as libraries
+  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mapped, such as libraries
   # file-backed内存页缓存大小
   node_memory_Cached_bytes: Parked file data (file content) cache
   # 系统中有多少匿名页曾经被swap-out、现在又被swap-in并且swap-in之后页面中的内容一直没发生变化

docker/compose-postgres/initsql_for_postgres/a-n9e-for-Postgres.sql

@@ -209,6 +209,7 @@ CREATE TABLE board (
     create_by varchar(64) not null default '',
     update_at bigint not null default 0,
     update_by varchar(64) not null default '',
+    note varchar(1024) not null default '',
     PRIMARY KEY (id),
     UNIQUE (group_id, name)
 ) ;
@@ -219,6 +220,7 @@ COMMENT ON COLUMN board.public IS '0:false 1:true';
 COMMENT ON COLUMN board.built_in IS '0:false 1:true';
 COMMENT ON COLUMN board.hide IS '0:false 1:true';
 COMMENT ON COLUMN board.public_cate IS '0 anonymous 1 login 2 busi';
+COMMENT ON COLUMN board.note IS 'note';
 
 
 -- for dashboard new version
@@ -873,6 +875,7 @@ CREATE TABLE builtin_payloads (
   name VARCHAR(191) NOT NULL,
   tags VARCHAR(191) NOT NULL DEFAULT '',
   content TEXT NOT NULL,
+  note VARCHAR(1024) NOT NULL DEFAULT '',
   created_at BIGINT NOT NULL DEFAULT 0,
   created_by VARCHAR(191) NOT NULL DEFAULT '',
   updated_at BIGINT NOT NULL DEFAULT 0,

docker/compose-postgres/n9eetc_pg/config.toml

@@ -90,8 +90,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# enable auto migrate or not
-# EnableAutoMigrate = false
 
 [Redis]
 # address, ip:port or ip1:port,ip2:port for cluster and sentinel(SentinelAddrs)

docker/compose-postgres/n9eetc_pg/metrics.yaml

@@ -50,7 +50,7 @@ mem_high_total: 高位内存总大小（Highmem是指所有内存高于860MB的
 mem_huge_page_size: 每个大页的大小
 mem_huge_pages_free: 池中尚未分配的 HugePages 数量
 mem_huge_pages_total: 预留HugePages的总个数
-mem_inactive: 空闲的内存数(包括free和avalible的内存)
+mem_inactive: 空闲的内存数(包括free和available的内存)
 mem_low_free: 未被使用的低位大小
 mem_low_total: 低位内存总大小,低位可以达到高位内存一样的作用，而且它还能够被内核用来记录一些自己的数据结构
 mem_mapped: 设备和文件等映射的大小
@@ -115,7 +115,7 @@ nginx_accepts: 自nginx启动起,与客户端建立过得连接总数
 nginx_active: 当前nginx正在处理的活动连接数,等于Reading/Writing/Waiting总和
 nginx_handled: 自nginx启动起,处理过的客户端连接总数
 nginx_reading: 正在读取HTTP请求头部的连接总数
-nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Krrp-Alive请求,该值会大于handled值
+nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Keep-Alive请求,该值会大于handled值
 nginx_upstream_check_fall: upstream_check模块检测到后端失败的次数
 nginx_upstream_check_rise: upstream_check模块对后端的检测次数
 nginx_upstream_check_status_code: 后端upstream的状态,up为1,down为0
@@ -383,7 +383,7 @@ node_memory_VmallocTotal_bytes: Total size of vmalloc memory area
 # vmalloc已分配的内存，虚拟地址空间上的连续的内存
 node_memory_VmallocUsed_bytes: Amount of vmalloc area which is used
 # vmalloc区可用的连续最大快的大小，通过此指标可以知道vmalloc可分配连续内存的最大值
-node_memory_VmallocChunk_bytes: Largest contigious block of vmalloc area which is free
+node_memory_VmallocChunk_bytes: Largest contiguous block of vmalloc area which is free
 # 内存的硬件故障删除掉的内存页的总大小
 node_memory_HardwareCorrupted_bytes: Amount of RAM that the kernel identified as corrupted / not working
 # 用于在虚拟和物理内存地址之间映射的内存
@@ -420,7 +420,7 @@ node_memory_Shmem_bytes: Used shared memory (shared between several processes, t
 # 匿名页内存大小
 node_memory_AnonPages_bytes: Memory in user pages not backed by files
 # 被关联的内存页大小
-node_memory_Mapped_bytes: Used memory in mapped pages files which have been mmaped, such as libraries
+node_memory_Mapped_bytes: Used memory in mapped pages files which have been mapped, such as libraries
 # file-backed内存页缓存大小
 node_memory_Cached_bytes: Parked file data (file content) cache
 # 系统中有多少匿名页曾经被swap-out、现在又被swap-in并且swap-in之后页面中的内容一直没发生变化

docker/initsql/a-n9e.sql

@@ -61,7 +61,7 @@ CREATE TABLE `configs` (
     `external`  bigint DEFAULT 0 COMMENT '0\\:built-in 1\\:external',
     `encrypted` bigint DEFAULT 0 COMMENT '0\\:plaintext 1\\:ciphertext',
     `create_at` bigint DEFAULT 0 COMMENT 'create_at',
-    `create_by` varchar(64) NOT NULL DEFAULT '' COMMENT 'cerate_by',
+    `create_by` varchar(64) NOT NULL DEFAULT '' COMMENT 'create_by',
     `update_at` bigint DEFAULT 0 COMMENT 'update_at',
     `update_by` varchar(64) NOT NULL DEFAULT '' COMMENT 'update_by',
     PRIMARY KEY (`id`)
@@ -192,6 +192,7 @@ CREATE TABLE `board` (
     `create_by` varchar(64) not null default '',
     `update_at` bigint not null default 0,
     `update_by` varchar(64) not null default '',
+    `note` varchar(1024) not null default '' comment 'note',
     `public_cate` bigint NOT NULL NOT NULL DEFAULT 0 COMMENT '0 anonymous 1 login 2 busi',
     PRIMARY KEY (`id`),
     UNIQUE KEY (`group_id`, `name`),
@@ -546,6 +547,7 @@ CREATE TABLE `builtin_payloads` (
   `name` varchar(191) NOT NULL COMMENT '''name of payload''',
   `tags` varchar(191) NOT NULL DEFAULT '' COMMENT '''tags of payload''',
   `content` longtext NOT NULL COMMENT '''content of payload''',
+  `note` varchar(1024) NOT NULL DEFAULT '' COMMENT '''note of payload''',
   `created_at` bigint(20) NOT NULL DEFAULT 0 COMMENT '''create time''',
   `created_by` varchar(191) NOT NULL DEFAULT '' COMMENT '''creator''',
   `updated_at` bigint(20) NOT NULL DEFAULT 0 COMMENT '''update time''',
@@ -674,7 +676,7 @@ CREATE TABLE `notify_tpl` (
     `name` varchar(255) not null,
     `content` text not null,
     `create_at` bigint DEFAULT 0 COMMENT 'create_at',
-    `create_by` varchar(64) DEFAULT '' COMMENT 'cerate_by',
+    `create_by` varchar(64) DEFAULT '' COMMENT 'create_by',
     `update_at` bigint DEFAULT 0 COMMENT 'update_at',
     `update_by` varchar(64) DEFAULT '' COMMENT 'update_by',
     PRIMARY KEY (`id`),
@@ -836,8 +838,8 @@ CREATE TABLE `event_pipeline` (
     `description` varchar(255) not null default '',
     `filter_enable` tinyint(1) not null default 0,
     `label_filters` text,
-    `attribute_filters` text,
-    `processors` text,
+    `attr_filters` text,
+    `processor_configs` text,
     `create_at` bigint not null default 0,
     `create_by` varchar(64) not null default '',
     `update_at` bigint not null default 0,

docker/migratesql/migrate.sql

@@ -235,9 +235,8 @@ CREATE TABLE `event_pipeline` (
     `team_ids` text,
     `description` varchar(255) not null default '',
     `filter_enable` tinyint(1) not null default 0,
-    `label_filters` text,
-    `attribute_filters` text,
-    `processors` text,
+    `attr_filters` text,
+    `processor_configs` text,
     `create_at` bigint not null default 0,
     `create_by` varchar(64) not null default '',
     `update_at` bigint not null default 0,
@@ -273,8 +272,6 @@ CREATE TABLE `source_token` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 
-/* Add translation column for builtin metrics */
-ALTER TABLE `builtin_metrics` ADD COLUMN `translation` TEXT COMMENT 'translation of metric' AFTER `lang`;
 
 /* v8.0.0-beta.12 2025-06-03 */
 ALTER TABLE `alert_his_event` ADD COLUMN `notify_rule_ids` text COMMENT 'notify rule ids';
@@ -284,3 +281,15 @@ ALTER TABLE `alert_cur_event` ADD COLUMN `notify_rule_ids` text COMMENT 'notify
 -- 删除 builtin_metrics 表的 idx_collector_typ_name 唯一索引
 DROP INDEX IF EXISTS `idx_collector_typ_name` ON `builtin_metrics`;
 
+/* v8.0.0 2025-07-03 */
+ALTER TABLE `builtin_metrics` ADD COLUMN `translation` TEXT COMMENT 'translation of metric' AFTER `lang`;
+
+/* v8.4.0 2025-10-15 */
+ALTER TABLE `notify_rule` ADD COLUMN `extra_config` text COMMENT 'extra config';
+
+/* v8.4.1 2025-11-10 */
+ALTER TABLE `alert_rule` ADD COLUMN `pipeline_configs` text COMMENT 'pipeline configs';
+
+/* v8.4.2 2025-11-13 */
+ALTER TABLE `board` ADD COLUMN `note` varchar(1024) not null default '' comment 'note';
+ALTER TABLE `builtin_payloads` ADD COLUMN `note` varchar(1024) not null default '' comment 'note of payload';

docker/sqlite.sql

@@ -184,6 +184,7 @@ CREATE TABLE `board` (
     `create_by` varchar(64) not null default '',
     `update_at` bigint not null default 0,
     `update_by` varchar(64) not null default '',
+    `note` varchar(1024) not null default '',
     `public_cate` bigint not null default 0
 );
 CREATE UNIQUE INDEX idx_board_group_id_name ON `board` (group_id, name);
@@ -491,6 +492,7 @@ CREATE TABLE `builtin_payloads` (
   `name` varchar(191) not null,
   `tags` varchar(191) not null default '',
   `content` longtext not null,
+  `note` varchar(1024) not null default '',
   `created_at` bigint(20) not null default 0,
   `created_by` varchar(191) not null default '',
   `updated_at` bigint(20) not null default 0,

dscache/cache.go

@@ -57,3 +57,29 @@ func (cs *Cache) Get(cate string, dsId int64) (datasource.Datasource, bool) {
 
 	return cs.datas[cate][dsId], true
 }
+
+func (cs *Cache) Delete(cate string, dsId int64) {
+	cs.mutex.Lock()
+	defer cs.mutex.Unlock()
+	if _, found := cs.datas[cate]; !found {
+		return
+	}
+	delete(cs.datas[cate], dsId)
+
+	logger.Debugf("delete plugin:%s %d from cache", cate, dsId)
+}
+
+// GetAllIds 返回缓存中所有数据源的 ID，按类型分组
+func (cs *Cache) GetAllIds() map[string][]int64 {
+	cs.mutex.RLock()
+	defer cs.mutex.RUnlock()
+	result := make(map[string][]int64)
+	for cate, dsMap := range cs.datas {
+		ids := make([]int64, 0, len(dsMap))
+		for dsId := range dsMap {
+			ids = append(ids, dsId)
+		}
+		result[cate] = ids
+	}
+	return result
+}

dscache/sync.go

@@ -2,6 +2,7 @@ package dscache
 
 import (
 	"context"
+	"encoding/base64"
 	"strings"
 	"sync/atomic"
 	"time"
@@ -13,16 +14,38 @@ import (
 	_ "github.com/ccfos/nightingale/v6/datasource/mysql"
 	_ "github.com/ccfos/nightingale/v6/datasource/opensearch"
 	_ "github.com/ccfos/nightingale/v6/datasource/postgresql"
+	_ "github.com/ccfos/nightingale/v6/datasource/victorialogs"
 	"github.com/ccfos/nightingale/v6/dskit/tdengine"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/poster"
 
 	"github.com/toolkits/pkg/logger"
 )
 
 var FromAPIHook func()
 
+var DatasourceProcessHook func(items []datasource.DatasourceInfo) []datasource.DatasourceInfo
+
 func Init(ctx *ctx.Context, fromAPI bool) {
+	if !ctx.IsCenter {
+		// 从 center 同步密钥
+		var rsaConfig = new(models.RsaConfig)
+		c, err := poster.GetByUrls[*models.RsaConfig](ctx, "/v1/n9e/datasource-rsa-config")
+		if err != nil || c == nil {
+			logger.Fatalf("failed to get datasource rsa-config, error: %v", err)
+		}
+		rsaConfig = c
+		if c.OpenRSA {
+			logger.Infof("datasource rsa is open in n9e-plus")
+			rsaConfig.PrivateKeyBytes, err = base64.StdEncoding.DecodeString(c.RSAPrivateKey)
+			if err != nil {
+				logger.Fatalf("failed to decode rsa-config, error: %v", err)
+			}
+		}
+		models.SetRsaConfig(rsaConfig)
+	}
+
 	go getDatasourcesFromDBLoop(ctx, fromAPI)
 }
 
@@ -30,7 +53,7 @@ type ListInput struct {
 	Page       int    `json:"p"`
 	Limit      int    `json:"limit"`
 	Category   string `json:"category"`
-	PluginType string `json:"plugin_type"` // promethues
+	PluginType string `json:"plugin_type"` // prometheus
 	Status     string `json:"status"`
 }
 
@@ -61,6 +84,7 @@ func getDatasourcesFromDBLoop(ctx *ctx.Context, fromAPI bool) {
 			}
 			var dss []datasource.DatasourceInfo
 			for _, item := range items {
+
 				if item.PluginType == "prometheus" && item.IsDefault {
 					atomic.StoreInt64(&PromDefaultDatasourceId, item.Id)
 					foundDefaultDatasource = true
@@ -100,6 +124,10 @@ func getDatasourcesFromDBLoop(ctx *ctx.Context, fromAPI bool) {
 				atomic.StoreInt64(&PromDefaultDatasourceId, 0)
 			}
 
+			if DatasourceProcessHook != nil {
+				dss = DatasourceProcessHook(dss)
+			}
+
 			PutDatasources(dss)
 		} else {
 			FromAPIHook()
@@ -145,7 +173,10 @@ func esN9eToDatasourceInfo(ds *datasource.DatasourceInfo, item models.Datasource
 }
 
 func PutDatasources(items []datasource.DatasourceInfo) {
+	// 记录当前有效的数据源 ID，按类型分组
+	validIds := make(map[string]map[int64]struct{})
 	ids := make([]int64, 0)
+
 	for _, item := range items {
 		if item.Type == "prometheus" {
 			continue
@@ -163,7 +194,7 @@ func PutDatasources(items []datasource.DatasourceInfo) {
 
 		ds, err := datasource.GetDatasourceByType(typ, item.Settings)
 		if err != nil {
-			logger.Warningf("get plugin:%+v fail: %v", item, err)
+			logger.Debugf("get plugin:%+v fail: %v", item, err)
 			continue
 		}
 
@@ -174,6 +205,12 @@ func PutDatasources(items []datasource.DatasourceInfo) {
 		}
 		ids = append(ids, item.Id)
 
+		// 记录有效的数据源 ID
+		if _, ok := validIds[typ]; !ok {
+			validIds[typ] = make(map[int64]struct{})
+		}
+		validIds[typ][item.Id] = struct{}{}
+
 		// 异步初始化 client 不然数据源同步的会很慢
 		go func() {
 			defer func() {
@@ -185,5 +222,19 @@ func PutDatasources(items []datasource.DatasourceInfo) {
 		}()
 	}
 
+	// 删除 items 中不存在但 DsCache 中存在的数据源
+	cachedIds := DsCache.GetAllIds()
+	for cate, dsIds := range cachedIds {
+		for _, dsId := range dsIds {
+			if _, ok := validIds[cate]; !ok {
+				// 该类型在 items 中完全不存在，删除缓存中的所有该类型数据源
+				DsCache.Delete(cate, dsId)
+			} else if _, ok := validIds[cate][dsId]; !ok {
+				// 该数据源 ID 在 items 中不存在，删除
+				DsCache.Delete(cate, dsId)
+			}
+		}
+	}
+
 	logger.Debugf("get plugin by type success Ids:%v", ids)
 }

dskit/clickhouse/clickhouse.go

@@ -2,10 +2,10 @@ package clickhouse
 
 import (
 	"context"
+	"crypto/tls"
 	"database/sql"
 	"errors"
 	"fmt"
-	"io"
 	"strings"
 	"time"
 
@@ -14,7 +14,7 @@ import (
 
 	"github.com/ClickHouse/clickhouse-go/v2"
 	"github.com/mitchellh/mapstructure"
-	"github.com/toolkits/pkg/net/httplib"
+	"github.com/toolkits/pkg/logger"
 	ckDriver "gorm.io/driver/clickhouse"
 	"gorm.io/gorm"
 )
@@ -26,11 +26,19 @@ const (
 )
 
 type Clickhouse struct {
-	Nodes        []string `json:"ck.nodes" mapstructure:"ck.nodes"`
-	User         string   `json:"ck.user" mapstructure:"ck.user"`
-	Password     string   `json:"ck.password" mapstructure:"ck.password"`
-	Timeout      int      `json:"ck.timeout" mapstructure:"ck.timeout"`
-	MaxQueryRows int      `json:"ck.max_query_rows" mapstructure:"ck.max_query_rows"`
+	Nodes            []string `json:"ck.nodes" mapstructure:"ck.nodes"`
+	User             string   `json:"ck.user" mapstructure:"ck.user"`
+	Password         string   `json:"ck.password" mapstructure:"ck.password"`
+	Timeout          int      `json:"ck.timeout" mapstructure:"ck.timeout"`
+	MaxQueryRows     int      `json:"ck.max_query_rows" mapstructure:"ck.max_query_rows"`
+	Protocol         string   `json:"ck.protocol" mapstructure:"ck.protocol"`
+	SkipSSLVerify    bool     `json:"ck.skip_ssl_verify" mapstructure:"ck.skip_ssl_verify"`
+	SecureConnection bool     `json:"ck.secure_connection" mapstructure:"ck.secure_connection"`
+
+	// 连接池配置（可选）
+	MaxIdleConns    int `json:"ck.max_idle_conns" mapstructure:"ck.max_idle_conns"`       // 最大空闲连接数
+	MaxOpenConns    int `json:"ck.max_open_conns" mapstructure:"ck.max_open_conns"`       // 最大打开连接数
+	ConnMaxLifetime int `json:"ck.conn_max_lifetime" mapstructure:"ck.conn_max_lifetime"` // 连接最大生命周期（秒）
 
 	Client       *gorm.DB `json:"-"`
 	ClientByHTTP *sql.DB  `json:"-"`
@@ -44,46 +52,129 @@ func (c *Clickhouse) InitCli() error {
 	if len(c.Nodes) == 0 {
 		return fmt.Errorf("not found ck shard, please check datasource config")
 	}
+	// 前端只允许 host:port，直接使用第一个节点
 	addr := c.Nodes[0]
-	url := addr
-	if !strings.HasPrefix(url, "http://") {
-		url = "http://" + url
-	}
-	resp, err := httplib.Get(url).SetTimeout(time.Second * 1).Response()
-	// 忽略HTTP Code错误, 因为可能不是HTTP协议
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-	// HTTP 协议
-	if resp.StatusCode == 200 {
-		jsonBytes, _ := io.ReadAll(resp.Body)
-		if len(jsonBytes) > 0 && strings.Contains(strings.ToLower(string(jsonBytes)), "ok.") {
-			ckconn := clickhouse.OpenDB(&clickhouse.Options{
-				Addr: []string{addr},
-				Auth: clickhouse.Auth{
-					Username: c.User,
-					Password: c.Password,
-				},
-				Settings: clickhouse.Settings{
-					"max_execution_time": 60,
-				},
+
+	prot := strings.ToLower(strings.TrimSpace(c.Protocol))
+	// 如果用户显式指定 protocol，只允许 http 或 native
+	if prot != "" {
+		if prot != "http" && prot != "native" {
+			return fmt.Errorf("unsupported clickhouse protocol: %s, only `http`, `https` or `native` allowed", c.Protocol)
+		}
+
+		// HTTP(S) 路径（使用 clickhouse-go HTTP client）
+		if prot == "http" {
+			opts := &clickhouse.Options{
+				Addr:        []string{addr},
+				Auth:        clickhouse.Auth{Username: c.User, Password: c.Password},
+				Settings:    clickhouse.Settings{"max_execution_time": 60},
 				DialTimeout: 10 * time.Second,
 				Protocol:    clickhouse.HTTP,
-			})
+			}
+			// 仅当显式指定 https 时才启用 TLS 并使用 SkipSSL 控制 InsecureSkipVerify
+			if c.SecureConnection {
+				opts.TLS = &tls.Config{InsecureSkipVerify: c.SkipSSLVerify}
+			}
+			ckconn := clickhouse.OpenDB(opts)
 			if ckconn == nil {
 				return errors.New("db conn failed")
 			}
+			// 应用连接池配置到 HTTP sql.DB
+			if c.MaxIdleConns > 0 {
+				ckconn.SetMaxIdleConns(c.MaxIdleConns)
+			}
+			if c.MaxOpenConns > 0 {
+				ckconn.SetMaxOpenConns(c.MaxOpenConns)
+			}
+			if c.ConnMaxLifetime > 0 {
+				ckconn.SetConnMaxLifetime(time.Duration(c.ConnMaxLifetime) * time.Second)
+			}
 			c.ClientByHTTP = ckconn
 			return nil
 		}
+
+		// native 路径（使用 gorm + native driver）
+		dsn := fmt.Sprintf(ckDataSource, c.User, c.Password, addr)
+		// 如果启用了 SecureConnection，为 DSN 添加 TLS 参数；SkipSSLVerify 控制是否跳过证书校验
+		if c.SecureConnection {
+			dsn = dsn + "&secure=true"
+			if c.SkipSSLVerify {
+				dsn = dsn + "&skip_verify=true"
+			}
+		}
+		db, err := gorm.Open(
+			ckDriver.New(
+				ckDriver.Config{
+					DSN:                       dsn,
+					DisableDatetimePrecision:  true,
+					DontSupportRenameColumn:   true,
+					SkipInitializeWithVersion: false,
+				}),
+		)
+		if err != nil {
+			return err
+		}
+		// 应用连接池配置到 gorm 底层 *sql.DB
+		if sqlDB, derr := db.DB(); derr == nil {
+			if c.MaxIdleConns > 0 {
+				sqlDB.SetMaxIdleConns(c.MaxIdleConns)
+			}
+			if c.MaxOpenConns > 0 {
+				sqlDB.SetMaxOpenConns(c.MaxOpenConns)
+			}
+			if c.ConnMaxLifetime > 0 {
+				sqlDB.SetConnMaxLifetime(time.Duration(c.ConnMaxLifetime) * time.Second)
+			}
+		} else {
+			logger.Debugf("clickhouse: get native sql DB failed: %v", derr)
+		}
+		c.Client = db
+		return nil
 	}
 
+	opts := &clickhouse.Options{
+		Addr:        []string{addr},
+		Auth:        clickhouse.Auth{Username: c.User, Password: c.Password},
+		Settings:    clickhouse.Settings{"max_execution_time": 60},
+		DialTimeout: 10 * time.Second,
+		Protocol:    clickhouse.HTTP,
+	}
+
+	ckconn := clickhouse.OpenDB(opts)
+	if ckconn != nil {
+		// 做一次 Ping 校验，避免把 native 端口误当作 HTTP 使用
+		if err := ckconn.Ping(); err == nil {
+			if c.MaxIdleConns > 0 {
+				ckconn.SetMaxIdleConns(c.MaxIdleConns)
+			}
+			if c.MaxOpenConns > 0 {
+				ckconn.SetMaxOpenConns(c.MaxOpenConns)
+			}
+			if c.ConnMaxLifetime > 0 {
+				ckconn.SetConnMaxLifetime(time.Duration(c.ConnMaxLifetime) * time.Second)
+			}
+			c.ClientByHTTP = ckconn
+			return nil
+		} else {
+			logger.Debugf("clickhouse http ping failed for %s, fallback to native: %v", addr, err)
+			_ = ckconn.Close()
+		}
+	}
+
+	// 作为最后回退，尝试 native 连接
+	host := strings.TrimPrefix(strings.TrimPrefix(addr, "http://"), "https://")
+	dsn := fmt.Sprintf(ckDataSource, c.User, c.Password, host)
+	// 如果启用了 SecureConnection，为 DSN 添加 TLS 参数；SkipSSLVerify 控制是否跳过证书校验
+	if c.SecureConnection {
+		dsn = dsn + "&secure=true"
+		if c.SkipSSLVerify {
+			dsn = dsn + "&skip_verify=true"
+		}
+	}
 	db, err := gorm.Open(
 		ckDriver.New(
 			ckDriver.Config{
-				DSN: fmt.Sprintf(ckDataSource,
-					c.User, c.Password, addr),
+				DSN:                       dsn,
 				DisableDatetimePrecision:  true,
 				DontSupportRenameColumn:   true,
 				SkipInitializeWithVersion: false,
@@ -92,9 +183,18 @@ func (c *Clickhouse) InitCli() error {
 	if err != nil {
 		return err
 	}
-
+	if sqlDB, derr := db.DB(); derr == nil {
+		if c.MaxIdleConns > 0 {
+			sqlDB.SetMaxIdleConns(c.MaxIdleConns)
+		}
+		if c.MaxOpenConns > 0 {
+			sqlDB.SetMaxOpenConns(c.MaxOpenConns)
+		}
+		if c.ConnMaxLifetime > 0 {
+			sqlDB.SetConnMaxLifetime(time.Duration(c.ConnMaxLifetime) * time.Second)
+		}
+	}
 	c.Client = db
-
 	return nil
 }
 
@@ -129,9 +229,7 @@ func (c *Clickhouse) QueryRows(ctx context.Context, query string) (*sql.Rows, er
 
 // ShowDatabases lists all databases in Clickhouse
 func (c *Clickhouse) ShowDatabases(ctx context.Context) ([]string, error) {
-	var (
-		res []string
-	)
+	res := make([]string, 0)
 
 	rows, err := c.QueryRows(ctx, ShowDatabases)
 	if err != nil {
@@ -151,9 +249,7 @@ func (c *Clickhouse) ShowDatabases(ctx context.Context) ([]string, error) {
 
 // ShowTables lists all tables in a given database
 func (c *Clickhouse) ShowTables(ctx context.Context, database string) ([]string, error) {
-	var (
-		res []string
-	)
+	res := make([]string, 0)
 
 	showTables := fmt.Sprintf(ShowTables, database)
 	rows, err := c.QueryRows(ctx, showTables)

dskit/doris/doris.go

@@ -18,13 +18,21 @@ import (
 	"github.com/mitchellh/mapstructure"
 )
 
+const (
+	ShowIndexFieldIndexType  = "index_type"
+	ShowIndexFieldColumnName = "column_name"
+	ShowIndexKeyName         = "key_name"
+
+	SQLShowIndex = "SHOW INDEX FROM "
+)
+
 // Doris struct to hold connection details and the connection object
 type Doris struct {
 	Addr            string `json:"doris.addr" mapstructure:"doris.addr"`         // fe mysql endpoint
 	FeAddr          string `json:"doris.fe_addr" mapstructure:"doris.fe_addr"`   // fe http endpoint
 	User            string `json:"doris.user" mapstructure:"doris.user"`         //
 	Password        string `json:"doris.password" mapstructure:"doris.password"` //
-	Timeout         int    `json:"doris.timeout" mapstructure:"doris.timeout"`
+	Timeout         int    `json:"doris.timeout" mapstructure:"doris.timeout"`   // ms
 	MaxIdleConns    int    `json:"doris.max_idle_conns" mapstructure:"doris.max_idle_conns"`
 	MaxOpenConns    int    `json:"doris.max_open_conns" mapstructure:"doris.max_open_conns"`
 	ConnMaxLifetime int    `json:"doris.conn_max_lifetime" mapstructure:"doris.conn_max_lifetime"`
@@ -119,7 +127,7 @@ func (d *Doris) createTimeoutContext(ctx context.Context) (context.Context, cont
 	if timeout == 0 {
 		timeout = 60
 	}
-	return context.WithTimeout(ctx, time.Duration(timeout)*time.Second)
+	return context.WithTimeout(ctx, time.Duration(timeout)*time.Millisecond)
 }
 
 // ShowDatabases lists all databases in Doris
@@ -138,7 +146,7 @@ func (d *Doris) ShowDatabases(ctx context.Context) ([]string, error) {
 	}
 	defer rows.Close()
 
-	var databases []string
+	databases := make([]string, 0)
 	for rows.Next() {
 		var dbName string
 		if err := rows.Scan(&dbName); err != nil {
@@ -201,7 +209,7 @@ func (d *Doris) ShowResources(ctx context.Context, resourceType string) ([]strin
 	}
 
 	// 将 map 转换为切片
-	var resources []string
+	resources := make([]string, 0)
 	for name := range distinctName {
 		resources = append(resources, name)
 	}
@@ -226,7 +234,7 @@ func (d *Doris) ShowTables(ctx context.Context, database string) ([]string, erro
 	}
 	defer rows.Close()
 
-	var tables []string
+	tables := make([]string, 0)
 	for rows.Next() {
 		var tableName string
 		if err := rows.Scan(&tableName); err != nil {
@@ -312,6 +320,88 @@ func (d *Doris) DescTable(ctx context.Context, database, table string) ([]*types
 	return columns, nil
 }
 
+type TableIndexInfo struct {
+	ColumnName string `json:"column_name"`
+	IndexName  string `json:"index_name"`
+	IndexType  string `json:"index_type"`
+}
+
+// ShowIndexes 查询表的所有索引信息
+func (d *Doris) ShowIndexes(ctx context.Context, database, table string) ([]TableIndexInfo, error) {
+	if database == "" || table == "" {
+		return nil, fmt.Errorf("database and table names cannot be empty")
+	}
+
+	tCtx, cancel := d.createTimeoutContext(ctx)
+	defer cancel()
+
+	db, err := d.NewConn(tCtx, database)
+	if err != nil {
+		return nil, err
+	}
+
+	querySQL := fmt.Sprintf("%s `%s`.`%s`", SQLShowIndex, database, table)
+	rows, err := db.QueryContext(tCtx, querySQL)
+	if err != nil {
+		return nil, fmt.Errorf("failed to query indexes: %w", err)
+	}
+	defer rows.Close()
+
+	columns, err := rows.Columns()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get columns: %w", err)
+	}
+	count := len(columns)
+
+	// 预映射列索引
+	colIdx := map[string]int{
+		ShowIndexKeyName:         -1,
+		ShowIndexFieldColumnName: -1,
+		ShowIndexFieldIndexType:  -1,
+	}
+	for i, col := range columns {
+		lCol := strings.ToLower(col)
+		if lCol == ShowIndexKeyName || lCol == ShowIndexFieldColumnName || lCol == ShowIndexFieldIndexType {
+			colIdx[lCol] = i
+		}
+	}
+
+	var result []TableIndexInfo
+	for rows.Next() {
+		// 使用 sql.RawBytes 可以接受任何类型并转为 string，避免复杂的类型断言
+		scanArgs := make([]interface{}, count)
+		values := make([]sql.RawBytes, count)
+		for i := range values {
+			scanArgs[i] = &values[i]
+		}
+
+		if err = rows.Scan(scanArgs...); err != nil {
+			return nil, err
+		}
+
+		info := TableIndexInfo{}
+		if i := colIdx[ShowIndexFieldColumnName]; i != -1 && i < count {
+			info.ColumnName = string(values[i])
+		}
+		if i := colIdx[ShowIndexKeyName]; i != -1 && i < count {
+			info.IndexName = string(values[i])
+		}
+		if i := colIdx[ShowIndexFieldIndexType]; i != -1 && i < count {
+			info.IndexType = string(values[i])
+		}
+
+		if info.ColumnName != "" {
+			result = append(result, info)
+		}
+	}
+
+	if err = rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating rows: %w", err)
+	}
+
+	return result, nil
+}
+
 // SelectRows selects rows from a specified table in Doris based on a given query with MaxQueryRows check
 func (d *Doris) SelectRows(ctx context.Context, database, table, query string) ([]map[string]interface{}, error) {
 	sql := fmt.Sprintf("SELECT * FROM %s.%s", database, table)

dskit/doris/logs.go

@@ -10,13 +10,14 @@ const (
 	TimeseriesAggregationTimestamp = "__ts__"
 )
 
+// QueryLogs 查询日志
 // TODO: 待测试, MAP/ARRAY/STRUCT/JSON 等类型能否处理
 func (d *Doris) QueryLogs(ctx context.Context, query *QueryParam) ([]map[string]interface{}, error) {
 	// 等同于 Query()
-	return d.Query(ctx, query)
+	return d.Query(ctx, query, true)
 }
 
-// 本质是查询时序数据, 取第一组, SQL由上层封装, 不再做复杂的解析和截断
+// QueryHistogram 本质是查询时序数据, 取第一组, SQL由上层封装, 不再做复杂的解析和截断
 func (d *Doris) QueryHistogram(ctx context.Context, query *QueryParam) ([][]float64, error) {
 	values, err := d.QueryTimeseries(ctx, query)
 	if err != nil {

dskit/doris/timeseries.go

@@ -15,6 +15,10 @@ const (
 	TimeFieldFormatDateTime    = "datetime"
 )
 
+type noNeedCheckMaxRowKey struct{}
+
+var NoNeedCheckMaxRow = noNeedCheckMaxRowKey{}
+
 // 不再拼接SQL, 完全信赖用户的输入
 type QueryParam struct {
 	Database string     `json:"database"`
@@ -39,7 +43,7 @@ var (
 )
 
 // Query executes a given SQL query in Doris and returns the results with MaxQueryRows check
-func (d *Doris) Query(ctx context.Context, query *QueryParam) ([]map[string]interface{}, error) {
+func (d *Doris) Query(ctx context.Context, query *QueryParam, checkMaxRow bool) ([]map[string]interface{}, error) {
 	// 校验SQL的合法性, 过滤掉 write请求
 	sqlItem := strings.Split(strings.ToUpper(query.Sql), " ")
 	for _, item := range sqlItem {
@@ -48,10 +52,12 @@ func (d *Doris) Query(ctx context.Context, query *QueryParam) ([]map[string]inte
 		}
 	}
 
-	// 检查查询结果行数
-	err := d.CheckMaxQueryRows(ctx, query.Database, query.Sql)
-	if err != nil {
-		return nil, err
+	if checkMaxRow {
+		// 检查查询结果行数
+		err := d.CheckMaxQueryRows(ctx, query.Database, query.Sql)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	rows, err := d.ExecQuery(ctx, query.Database, query.Sql)
@@ -63,8 +69,12 @@ func (d *Doris) Query(ctx context.Context, query *QueryParam) ([]map[string]inte
 
 // QueryTimeseries executes a time series data query using the given parameters with MaxQueryRows check
 func (d *Doris) QueryTimeseries(ctx context.Context, query *QueryParam) ([]types.MetricValues, error) {
-	// 使用 Query 方法执行查询，Query方法内部已包含MaxQueryRows检查
-	rows, err := d.Query(ctx, query)
+	// 默认需要检查，除非调用方声明不需要检查
+	checkMaxRow := true
+	if noCheck, ok := ctx.Value(NoNeedCheckMaxRow).(bool); ok && noCheck {
+		checkMaxRow = false
+	}
+	rows, err := d.Query(ctx, query, checkMaxRow)
 	if err != nil {
 		return nil, err
 	}

dskit/postgres/postgres.go

@@ -7,6 +7,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/url"
 	"strings"
 	"time"
 
@@ -117,7 +118,8 @@ func (p *PostgreSQL) NewConn(ctx context.Context, database string) (*gorm.DB, er
 	}()
 
 	// Simplified connection logic for PostgreSQL
-	dsn := fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable&TimeZone=Asia/Shanghai", p.Shard.User, p.Shard.Password, p.Shard.Addr, database)
+	dsn := fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable&TimeZone=Asia/Shanghai", url.QueryEscape(p.Shard.User), url.QueryEscape(p.Shard.Password), p.Shard.Addr, database)
+
 	db, err = sqlbase.NewDB(
 		ctx,
 		postgres.Open(dsn),

dskit/sqlbase/base.go

@@ -48,7 +48,7 @@ func CloseDB(db *gorm.DB) error {
 
 // ShowTables retrieves a list of all tables in the specified database
 func ShowTables(ctx context.Context, db *gorm.DB, query string) ([]string, error) {
-	var tables []string
+	tables := make([]string, 0)
 
 	rows, err := db.WithContext(ctx).Raw(query).Rows()
 	if err != nil {

dskit/sqlbase/timeseries.go

@@ -79,10 +79,11 @@ func FormatMetricValues(keys types.Keys, rows []map[string]interface{}, ignoreDe
 	}
 
 	if keys.TimeKey == "" {
-		keys.TimeKey = "time"
-	}
-
-	if len(keys.TimeKey) > 0 {
+		// 默认支持 __time__ 和 time 作为时间字段
+		// 用户可以使用 as __time__ 来避免与表中已有的 time 字段冲突
+		keyMap["__time__"] = "time"
+		keyMap["time"] = "time"
+	} else {
 		keyMap[keys.TimeKey] = "time"
 	}
 
@@ -142,9 +143,25 @@ func FormatMetricValues(keys types.Keys, rows []map[string]interface{}, ignoreDe
 			labelsStrHash := fmt.Sprintf("%x", md5.Sum([]byte(strings.Join(labelsStr, ","))))
 
 			// Append new values to the existing metric, if present
-			ts, exists := metricTs[keys.TimeKey]
+			var ts float64
+			var exists bool
+
+			if keys.TimeKey == "" {
+				// 没有配置 timeKey，按优先级查找：__time__ > time
+				ts, exists = metricTs["__time__"]
+				if !exists {
+					ts, exists = metricTs["time"]
+				}
+			} else {
+				// 用户配置了 timeKey，使用用户配置的
+				ts, exists = metricTs[keys.TimeKey]
+			}
+
 			if !exists {
-				ts = float64(time.Now().Unix()) // Default to current time if not specified
+				// Default to current time if not specified
+				// 大多数情况下offset为空
+				// 对于记录规则延迟计算的情况，统计值的时间戳需要有偏移，以便跟统计值对应
+				ts = float64(time.Now().Unix()) - float64(keys.Offset)
 			}
 
 			valuePair := []float64{ts, value}
@@ -243,6 +260,14 @@ func parseTimeFromString(str, format string) (time.Time, error) {
 	if parsedTime, err := time.Parse(time.RFC3339, str); err == nil {
 		return parsedTime, nil
 	}
+
+	if parsedTime, err := time.Parse(time.DateTime, str); err == nil {
+		return parsedTime, nil
+	}
+
+	if parsedTime, err := time.Parse("2006-01-02 15:04:05.000000", str); err == nil {
+		return parsedTime, nil
+	}
 	if parsedTime, err := time.Parse(time.RFC3339Nano, str); err == nil {
 		return parsedTime, nil
 	}

dskit/sqlbase/timeseries_test.go

@@ -56,6 +56,49 @@ func TestFormatMetricValues(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "test __time__ priority over time",
+			keys: types.Keys{
+				ValueKey: "value",
+				LabelKey: "host",
+			},
+			rows: []map[string]interface{}{
+				{
+					"host":     "server1",
+					"value":    100,
+					"time":     int64(1715642100), // 这个应该被忽略
+					"__time__": int64(1715642135), // 这个应该被使用
+				},
+			},
+		},
+		{
+			name: "test fallback to time when __time__ not exists",
+			keys: types.Keys{
+				ValueKey: "value",
+				LabelKey: "host",
+			},
+			rows: []map[string]interface{}{
+				{
+					"host":  "server2",
+					"value": 200,
+					"time":  int64(1715642200), // 应该使用这个
+				},
+			},
+		},
+		{
+			name: "test __time__ alone without time field",
+			keys: types.Keys{
+				ValueKey: "value",
+				LabelKey: "host",
+			},
+			rows: []map[string]interface{}{
+				{
+					"host":     "server3",
+					"value":    300,
+					"__time__": int64(1715642300), // 应该使用这个
+				},
+			},
+		},
 	}
 
 	for _, tt := range tests {

dskit/tdengine/tdengine.go

@@ -122,7 +122,7 @@ func (tc *Tdengine) QueryTable(query string) (APIResponse, error) {
 }
 
 func (tc *Tdengine) ShowDatabases(context.Context) ([]string, error) {
-	var databases []string
+	databases := make([]string, 0)
 	data, err := tc.QueryTable("show databases")
 	if err != nil {
 		return databases, err
@@ -135,7 +135,7 @@ func (tc *Tdengine) ShowDatabases(context.Context) ([]string, error) {
 }
 
 func (tc *Tdengine) ShowTables(ctx context.Context, database string) ([]string, error) {
-	var tables []string
+	tables := make([]string, 0)
 	sql := fmt.Sprintf("show %s", database)
 	data, err := tc.QueryTable(sql)
 	if err != nil {

dskit/types/timeseries.go

@@ -48,4 +48,5 @@ type Keys struct {
 	LabelKey   string `json:"labelKey" mapstructure:"labelKey"` // 多个用空格分隔
 	TimeKey    string `json:"timeKey" mapstructure:"timeKey"`
 	TimeFormat string `json:"timeFormat" mapstructure:"timeFormat"` // not used anymore
+	Offset     int    `json:"offset" mapstructure:"offset"`
 }

dskit/victorialogs/victorialogs.go

@@ -0,0 +1,304 @@
+package victorialogs
+
+import (
+	"bufio"
+	"context"
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type VictoriaLogs struct {
+	VictorialogsAddr  string `json:"victorialogs.addr" mapstructure:"victorialogs.addr"`
+	VictorialogsBasic struct {
+		VictorialogsUser string `json:"victorialogs.user" mapstructure:"victorialogs.user"`
+		VictorialogsPass string `json:"victorialogs.password" mapstructure:"victorialogs.password"`
+		IsEncrypt        bool   `json:"victorialogs.is_encrypt" mapstructure:"victorialogs.is_encrypt"`
+	} `json:"victorialogs.basic" mapstructure:"victorialogs.basic"`
+	VictorialogsTls struct {
+		SkipTlsVerify bool `json:"victorialogs.tls.skip_tls_verify" mapstructure:"victorialogs.tls.skip_tls_verify"`
+	} `json:"victorialogs.tls" mapstructure:"victorialogs.tls"`
+	Headers      map[string]string `json:"victorialogs.headers" mapstructure:"victorialogs.headers"`
+	Timeout      int64             `json:"victorialogs.timeout" mapstructure:"victorialogs.timeout"` // millis
+	ClusterName  string            `json:"victorialogs.cluster_name" mapstructure:"victorialogs.cluster_name"`
+	MaxQueryRows int               `json:"victorialogs.max_query_rows" mapstructure:"victorialogs.max_query_rows"`
+
+	HTTPClient *http.Client `json:"-" mapstructure:"-"`
+}
+
+// LogEntry 日志条目
+type LogEntry map[string]interface{}
+
+// PrometheusResponse Prometheus 响应格式
+type PrometheusResponse struct {
+	Status string         `json:"status"`
+	Data   PrometheusData `json:"data"`
+	Error  string         `json:"error,omitempty"`
+}
+
+// PrometheusData Prometheus 数据部分
+type PrometheusData struct {
+	ResultType string           `json:"resultType"`
+	Result     []PrometheusItem `json:"result"`
+}
+
+// PrometheusItem Prometheus 数据项
+type PrometheusItem struct {
+	Metric map[string]string `json:"metric"`
+	Value  []interface{}     `json:"value,omitempty"`  // [timestamp, value]
+	Values [][]interface{}   `json:"values,omitempty"` // [[timestamp, value], ...]
+}
+
+// HitsResult hits 查询响应
+type HitsResult struct {
+	Hits []struct {
+		Total int64 `json:"total"`
+	}
+}
+
+// InitHTTPClient 初始化 HTTP 客户端
+func (vl *VictoriaLogs) InitHTTPClient() error {
+	transport := &http.Transport{
+		MaxIdleConns:        100,
+		MaxIdleConnsPerHost: 10,
+		IdleConnTimeout:     90 * time.Second,
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: vl.VictorialogsTls.SkipTlsVerify,
+		},
+	}
+
+	timeout := time.Duration(vl.Timeout) * time.Millisecond
+	if timeout == 0 {
+		timeout = 60 * time.Second
+	}
+
+	vl.HTTPClient = &http.Client{
+		Transport: transport,
+		Timeout:   timeout,
+	}
+
+	return nil
+}
+
+// Query 执行日志查询
+// GET/POST /select/logsql/query?query=<query>&start=<start>&end=<end>&limit=<limit>
+func (vl *VictoriaLogs) Query(ctx context.Context, query string, start, end int64, limit int) ([]LogEntry, error) {
+	params := url.Values{}
+	params.Set("query", query)
+
+	if start > 0 {
+		params.Set("start", strconv.FormatInt(start, 10))
+	}
+	if end > 0 {
+		params.Set("end", strconv.FormatInt(end, 10))
+	}
+	if limit > 0 {
+		params.Set("limit", strconv.Itoa(limit))
+	} else {
+		params.Set("limit", strconv.Itoa(vl.MaxQueryRows)) // 默认 1000 条
+	}
+
+	endpoint := fmt.Sprintf("%s/select/logsql/query", vl.VictorialogsAddr)
+
+	resp, err := vl.doRequest(ctx, "POST", endpoint, params)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("read response body failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("query failed: status=%d, body=%s", resp.StatusCode, string(body))
+	}
+
+	// VictoriaLogs returns NDJSON format (one JSON object per line)
+	var logs []LogEntry
+	scanner := bufio.NewScanner(strings.NewReader(string(body)))
+	for scanner.Scan() {
+		line := scanner.Text()
+		if line == "" {
+			continue
+		}
+		var entry LogEntry
+		if err := json.Unmarshal([]byte(line), &entry); err != nil {
+			return nil, fmt.Errorf("decode log entry failed: %w, line=%s", err, line)
+		}
+		logs = append(logs, entry)
+	}
+	if err := scanner.Err(); err != nil {
+		return nil, fmt.Errorf("scan response failed: %w", err)
+	}
+
+	return logs, nil
+}
+
+// StatsQuery 执行统计查询（单点时间）
+// POST /select/logsql/stats_query?query=<query>&time=<time>
+func (vl *VictoriaLogs) StatsQuery(ctx context.Context, query string, time int64) (*PrometheusResponse, error) {
+	params := url.Values{}
+	params.Set("query", query)
+
+	if time > 0 {
+		params.Set("time", strconv.FormatInt(time, 10))
+	}
+
+	endpoint := fmt.Sprintf("%s/select/logsql/stats_query", vl.VictorialogsAddr)
+
+	resp, err := vl.doRequest(ctx, "POST", endpoint, params)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("read response body failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("stats query failed: status=%d, body=%s", resp.StatusCode, string(body))
+	}
+
+	var result PrometheusResponse
+	if err := json.Unmarshal(body, &result); err != nil {
+		return nil, fmt.Errorf("decode response failed: %w, body=%s", err, string(body))
+	}
+
+	if result.Status != "success" {
+		return nil, fmt.Errorf("query failed: %s", result.Error)
+	}
+
+	return &result, nil
+}
+
+// StatsQueryRange 执行统计查询（时间范围）
+// POST /select/logsql/stats_query_range?query=<query>&start=<start>&end=<end>&step=<step>
+func (vl *VictoriaLogs) StatsQueryRange(ctx context.Context, query string, start, end int64, step string) (*PrometheusResponse, error) {
+	params := url.Values{}
+	params.Set("query", query)
+
+	if start > 0 {
+		params.Set("start", strconv.FormatInt(start, 10))
+	}
+	if end > 0 {
+		params.Set("end", strconv.FormatInt(end, 10))
+	}
+	if step != "" {
+		params.Set("step", step)
+	}
+
+	endpoint := fmt.Sprintf("%s/select/logsql/stats_query_range", vl.VictorialogsAddr)
+
+	resp, err := vl.doRequest(ctx, "POST", endpoint, params)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("read response body failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("stats query range failed: status=%d, body=%s", resp.StatusCode, string(body))
+	}
+
+	var result PrometheusResponse
+	if err := json.Unmarshal(body, &result); err != nil {
+		return nil, fmt.Errorf("decode response failed: %w, body=%s", err, string(body))
+	}
+
+	if result.Status != "success" {
+		return nil, fmt.Errorf("query failed: %s", result.Error)
+	}
+
+	return &result, nil
+}
+
+// HitsLogs 返回查询命中的日志数量，用于计算 total
+// POST /select/logsql/hits?query=<query>&start=<start>&end=<end>
+func (vl *VictoriaLogs) HitsLogs(ctx context.Context, query string, start, end int64) (int64, error) {
+	params := url.Values{}
+	params.Set("query", query)
+
+	if start > 0 {
+		params.Set("start", strconv.FormatInt(start, 10))
+	}
+	if end > 0 {
+		params.Set("end", strconv.FormatInt(end, 10))
+	}
+
+	endpoint := fmt.Sprintf("%s/select/logsql/hits", vl.VictorialogsAddr)
+
+	resp, err := vl.doRequest(ctx, "POST", endpoint, params)
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return 0, fmt.Errorf("read response body failed: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return 0, fmt.Errorf("hits query failed: status=%d, body=%s", resp.StatusCode, string(body))
+	}
+
+	var result HitsResult
+	if err := json.Unmarshal(body, &result); err != nil {
+		return 0, fmt.Errorf("decode response failed: %w, body=%s", err, string(body))
+	}
+
+	if len(result.Hits) == 0 {
+		return 0, nil
+	}
+
+	return result.Hits[0].Total, nil
+}
+
+// doRequest 执行 HTTP 请求
+func (vl *VictoriaLogs) doRequest(ctx context.Context, method, endpoint string, params url.Values) (*http.Response, error) {
+	var req *http.Request
+	var err error
+
+	if method == "GET" {
+		fullURL := endpoint
+		if len(params) > 0 {
+			fullURL = fmt.Sprintf("%s?%s", endpoint, params.Encode())
+		}
+		req, err = http.NewRequestWithContext(ctx, method, fullURL, nil)
+	} else {
+		// POST with form data
+		req, err = http.NewRequestWithContext(ctx, method, endpoint, strings.NewReader(params.Encode()))
+		if err == nil {
+			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		}
+	}
+
+	if err != nil {
+		return nil, fmt.Errorf("create request failed: %w", err)
+	}
+
+	if vl.VictorialogsBasic.VictorialogsUser != "" {
+		req.SetBasicAuth(vl.VictorialogsBasic.VictorialogsUser, vl.VictorialogsBasic.VictorialogsPass)
+	}
+
+	// Custom Headers
+	for k, v := range vl.Headers {
+		req.Header.Set(k, v)
+	}
+
+	return vl.HTTPClient.Do(req)
+}

dskit/victorialogs/victorialogs_test.go

@@ -0,0 +1,136 @@
+package victorialogs
+
+import (
+	"context"
+	"testing"
+	"time"
+)
+
+var v = VictoriaLogs{
+	VictorialogsAddr: "http://127.0.0.1:9428",
+	Headers:          make(map[string]string),
+	Timeout:          10000, // 10 seconds in milliseconds
+}
+
+func TestVictoriaLogs_InitHTTPClient(t *testing.T) {
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+	if v.HTTPClient == nil {
+		t.Fatal("HTTPClient should not be nil after initialization")
+	}
+}
+
+func TestVictoriaLogs_Query(t *testing.T) {
+	ctx := context.Background()
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+
+	// Query logs with basic query
+	now := time.Now().UnixNano()
+	start := now - int64(time.Hour) // 1 hour ago
+	end := now
+
+	logs, err := v.Query(ctx, "*", start, end, 10)
+	if err != nil {
+		t.Fatalf("Query failed: %v", err)
+	}
+	t.Logf("Query returned %d log entries", len(logs))
+	for i, log := range logs {
+		t.Logf("Log[%d]: %v", i, log)
+	}
+}
+
+func TestVictoriaLogs_StatsQuery(t *testing.T) {
+	ctx := context.Background()
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+
+	// Stats query with count
+	now := time.Now().UnixNano()
+	result, err := v.StatsQuery(ctx, "* | stats count() as total", now)
+	if err != nil {
+		t.Fatalf("StatsQuery failed: %v", err)
+	}
+	t.Logf("StatsQuery result: status=%s, resultType=%s", result.Status, result.Data.ResultType)
+	for i, item := range result.Data.Result {
+		t.Logf("Result[%d]: metric=%v, value=%v", i, item.Metric, item.Value)
+	}
+}
+
+func TestVictoriaLogs_StatsQueryRange(t *testing.T) {
+	ctx := context.Background()
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+
+	// Stats query range
+	now := time.Now().UnixNano()
+	start := now - int64(time.Hour) // 1 hour ago
+	end := now
+
+	result, err := v.StatsQueryRange(ctx, "* | stats count() as total", start, end, "5m")
+	if err != nil {
+		t.Fatalf("StatsQueryRange failed: %v", err)
+	}
+	t.Logf("StatsQueryRange result: status=%s, resultType=%s", result.Status, result.Data.ResultType)
+	for i, item := range result.Data.Result {
+		t.Logf("Result[%d]: metric=%v, values count=%d", i, item.Metric, len(item.Values))
+	}
+}
+
+func TestVictoriaLogs_HitsLogs(t *testing.T) {
+	ctx := context.Background()
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+
+	// Get total hits count
+	now := time.Now().UnixNano()
+	start := now - int64(time.Hour) // 1 hour ago
+	end := now
+
+	count, err := v.HitsLogs(ctx, "*", start, end)
+	if err != nil {
+		t.Fatalf("HitsLogs failed: %v", err)
+	}
+	t.Logf("HitsLogs total count: %d", count)
+}
+
+func TestVictoriaLogs_QueryWithFilter(t *testing.T) {
+	ctx := context.Background()
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+
+	// Query with a filter condition
+	now := time.Now().UnixNano()
+	start := now - int64(time.Hour)
+	end := now
+
+	logs, err := v.Query(ctx, "_stream:{app=\"test\"}", start, end, 5)
+	if err != nil {
+		t.Fatalf("Query with filter failed: %v", err)
+	}
+	t.Logf("Query with filter returned %d log entries", len(logs))
+}
+
+func TestVictoriaLogs_StatsQueryByField(t *testing.T) {
+	ctx := context.Background()
+	if err := v.InitHTTPClient(); err != nil {
+		t.Fatalf("InitHTTPClient failed: %v", err)
+	}
+
+	// Stats query grouped by field
+	now := time.Now().UnixNano()
+	result, err := v.StatsQuery(ctx, "* | stats by (level) count() as cnt", now)
+	if err != nil {
+		t.Fatalf("StatsQuery by field failed: %v", err)
+	}
+	t.Logf("StatsQuery by field result: status=%s", result.Status)
+	for i, item := range result.Data.Result {
+		t.Logf("Result[%d]: metric=%v, value=%v", i, item.Metric, item.Value)
+	}
+}

etc/config.toml

@@ -90,8 +90,6 @@ MaxLifetime = 7200
 MaxOpenConns = 150
 # max idle connections
 MaxIdleConns = 50
-# enable auto migrate or not
-# EnableAutoMigrate = false
 
 [Redis]
 # address, ip:port or ip1:port,ip2:port for cluster and sentinel(SentinelAddrs)

etc/metrics.yaml

@@ -53,7 +53,7 @@ zh:
   mem_huge_page_size: 每个大页的大小
   mem_huge_pages_free: 池中尚未分配的 HugePages 数量
   mem_huge_pages_total: 预留HugePages的总个数
-  mem_inactive: 空闲的内存数(包括free和avalible的内存)
+  mem_inactive: 空闲的内存数(包括free和available的内存)
   mem_low_free: 未被使用的低位大小
   mem_low_total: 低位内存总大小,低位可以达到高位内存一样的作用，而且它还能够被内核用来记录一些自己的数据结构
   mem_mapped: 设备和文件等映射的大小
@@ -105,8 +105,8 @@ zh:
   netstat_udp_mem: UDP套接字内存Page使用量
   netstat_udplite_inuse: 正在使用的 udp lite 数量
   netstat_raw_inuse: 正在使用的 raw socket 数量
-  netstat_frag_inuse: ip fragement 数量
-  netstat_frag_memory: ip fragement 已经分配的内存(byte）
+  netstat_frag_inuse: ip fragment 数量
+  netstat_frag_memory: ip fragment 已经分配的内存(byte）
 
   #[ping]
   ping_percent_packet_loss: ping数据包丢失百分比(%)
@@ -143,7 +143,7 @@ zh:
   nginx_active: 当前nginx正在处理的活动连接数,等于Reading/Writing/Waiting总和
   nginx_handled: 自nginx启动起,处理过的客户端连接总数
   nginx_reading: 正在读取HTTP请求头部的连接总数
-  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Krrp-Alive请求,该值会大于handled值
+  nginx_requests: 自nginx启动起,处理过的客户端请求总数,由于存在HTTP Keep-Alive请求,该值会大于handled值
   nginx_upstream_check_fall: upstream_check模块检测到后端失败的次数
   nginx_upstream_check_rise: upstream_check模块对后端的检测次数
   nginx_upstream_check_status_code: 后端upstream的状态,up为1,down为0
@@ -327,7 +327,7 @@ en:
   mem_huge_page_size: "The size of each big page"
   mem_huge_pages_free: "The number of Huge Pages in the pool that have not been allocated"
   mem_huge_pages_total: "Reserve the total number of Huge Pages"
-  mem_inactive: "Free memory (including the memory of free and avalible)"
+  mem_inactive: "Free memory (including the memory of free and available)"
   mem_low_free: "Unused low size"
   mem_low_total: "The total size of the low memory memory can achieve the same role of high memory, and it can be used by the kernel to record some of its own data structure"
   mem_mapped: "The size of the mapping of equipment and files"
@@ -369,7 +369,7 @@ en:
   netstat_tcp_time_wait: "Time _ WAIT status network link number"
   netstat_udp_socket: "Number of network links in UDP status"
 
-  processes_blocked: "The number of processes in the unreprudible sleep state('U','D','L')"
+  processes_blocked: "The number of processes in the unreproducible sleep state('U','D','L')"
   processes_dead: "Number of processes in recycling('X')"
   processes_idle: "Number of idle processes hanging('I')"
   processes_paging: "Number of paging processes('P')"
@@ -397,7 +397,7 @@ en:
   nginx_active: "The current number of activity connections that Nginx is being processed is equal to Reading/Writing/Waiting"
   nginx_handled: "Starting from Nginx, the total number of client connections that have been processed"
   nginx_reading: "Reading the total number of connections on the http request header"
-  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Krrp - Alive requests, this value will be greater than the handled value"
+  nginx_requests: "Since nginx is started, the total number of client requests processed, due to the existence of HTTP Keep-Alive requests, this value will be greater than the handled value"
   nginx_upstream_check_fall: "UPStream_CHECK module detects the number of back -end failures"
   nginx_upstream_check_rise: "UPSTREAM _ Check module to detect the number of back -end"
   nginx_upstream_check_status_code: "The state of the backstream is 1, and the down is 0"
@@ -663,7 +663,7 @@ en:
   # vmalloc已分配的内存，虚拟地址空间上的连续的内存
   node_memory_VmallocUsed_bytes: Amount of vmalloc area which is used
   # vmalloc区可用的连续最大快的大小，通过此指标可以知道vmalloc可分配连续内存的最大值
-  node_memory_VmallocChunk_bytes: Largest contigious block of vmalloc area which is free
+  node_memory_VmallocChunk_bytes: Largest contiguous block of vmalloc area which is free
   # 内存的硬件故障删除掉的内存页的总大小
   node_memory_HardwareCorrupted_bytes: Amount of RAM that the kernel identified as corrupted / not working
   # 用于在虚拟和物理内存地址之间映射的内存
@@ -700,7 +700,7 @@ en:
   # 匿名页内存大小
   node_memory_AnonPages_bytes: Memory in user pages not backed by files
   # 被关联的内存页大小
-  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mmaped, such as libraries
+  node_memory_Mapped_bytes: Used memory in mapped pages files which have been mapped, such as libraries
   # file-backed内存页缓存大小
   node_memory_Cached_bytes: Parked file data (file content) cache
   # 系统中有多少匿名页曾经被swap-out、现在又被swap-in并且swap-in之后页面中的内容一直没发生变化

go.mod

@@ -1,12 +1,18 @@
 module github.com/ccfos/nightingale/v6
 
-go 1.23.0
+go 1.24.0
 
 require (
 	github.com/BurntSushi/toml v1.4.0
 	github.com/ClickHouse/clickhouse-go/v2 v2.23.2
 	github.com/IBM/sarama v1.45.0
 	github.com/VictoriaMetrics/metricsql v0.81.1
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13
+	github.com/alibabacloud-go/dingtalk v1.6.95
+	github.com/alibabacloud-go/gateway-dingtalk v1.0.2
+	github.com/alibabacloud-go/openapi-util v0.1.1
+	github.com/alibabacloud-go/tea v1.3.13
+	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
 	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
 	github.com/bitly/go-simplejson v0.5.1
 	github.com/coreos/go-oidc v2.2.1+incompatible
@@ -75,7 +81,11 @@ require (
 
 require (
 	github.com/VictoriaMetrics/metrics v1.34.0 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
+	github.com/alibabacloud-go/debug v1.0.1 // indirect
 	github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
+	github.com/aliyun/credentials-go v1.4.6 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/eapache/go-resiliency v1.7.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect
@@ -94,10 +104,12 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/valyala/fastrand v1.1.0 // indirect
 	github.com/valyala/histogram v1.2.0 // indirect
 	github.com/yuin/gopher-lua v1.1.1 // indirect
-	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	modernc.org/libc v1.22.5 // indirect
 	modernc.org/mathutil v1.5.0 // indirect
 	modernc.org/memory v1.5.0 // indirect
@@ -148,11 +160,11 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/automaxprocs v1.5.2 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
 	golang.org/x/image v0.18.0 // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
@@ -161,4 +173,6 @@ require (
 
 replace golang.org/x/exp v0.0.0-20231006140011-7918f672742d => golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
 
+replace github.com/olivere/elastic/v7 => github.com/n9e/elastic/v7 v7.0.33-0.20251031061708-f480a2dfcfa7
+
 // replace github.com/flashcatcloud/ibex => ../github.com/flashcatcloud/ibex