elastalert

来源： https://stackoverflow.com/questions/64458858/email-elastalert-not-triggering-on-average-aggregation-query

来源： https://stackoverflow.com/questions/64458858/email-elastalert-not-triggering-on-average-aggregation-query

来源： https://stackoverflow.com/questions/64458858/email-elastalert-not-triggering-on-average-aggregation-query

来源： https://stackoverflow.com/questions/64458858/email-elastalert-not-triggering-on-average-aggregation-query

问题 I'm writing Elastalart rules for heartbeat i.e if service or machine are/is down, I should get notified. Right now I can create one rule for service per one file like below. name: My Alert type: frequency index: heartbeat-* num_events: 5 timeframe: minutes: 2 filter: - query: query_string: query: "url.domain: MY_LOCALHOST01.local AND monitor.status: down" alert: - "email" email: - "user@example.in" Is there any way, can I specify multiple rules??... I can specify multiple filter like below ..

问题 I'm writing Elastalart rules for heartbeat i.e if service or machine are/is down, I should get notified. Right now I can create one rule for service per one file like below. name: My Alert type: frequency index: heartbeat-* num_events: 5 timeframe: minutes: 2 filter: - query: query_string: query: "url.domain: MY_LOCALHOST01.local AND monitor.status: down" alert: - "email" email: - "user@example.in" Is there any way, can I specify multiple rules??... I can specify multiple filter like below ..

问题 I'm writing Elastalart rules for heartbeat i.e if service or machine are/is down, I should get notified. Right now I can create one rule for service per one file like below. name: My Alert type: frequency index: heartbeat-* num_events: 5 timeframe: minutes: 2 filter: - query: query_string: query: "url.domain: MY_LOCALHOST01.local AND monitor.status: down" alert: - "email" email: - "user@example.in" Is there any way, can I specify multiple rules??... I can specify multiple filter like below ..

问题 I am running this query against AWS Elasticsearch 5.1 and getting a malformed query error. Here is the body of the request. I am basically just checking if the field exists during the time range. { "query": { "bool": { "filter": { "bool": { "must": [ { "range": { "@timestamp": { "gt": "2017-03-21T15:37:08.595919Z", "lte": "2017-04-21T15:52:08.595919Z" } } }, { "query": [ { "query_string": { "query": "_exists_: $event.supplier" } } ] } ] } } } }, "sort": [ { "@timestamp": { "order": "asc" } }

问题 I am running this query against AWS Elasticsearch 5.1 and getting a malformed query error. Here is the body of the request. I am basically just checking if the field exists during the time range. { "query": { "bool": { "filter": { "bool": { "must": [ { "range": { "@timestamp": { "gt": "2017-03-21T15:37:08.595919Z", "lte": "2017-04-21T15:52:08.595919Z" } } }, { "query": [ { "query_string": { "query": "_exists_: $event.supplier" } } ] } ] } } } }, "sort": [ { "@timestamp": { "order": "asc" } }

问题 I'm using Spring data Elasticsearch to parse data in ELasticseach . I have already there an indexed element ( elastalert ) witch contains the alert_sent property. So what i want to do is returning all alerts that were sent to the admin. I tried defining a method in the Repository List<Alert> findByAlert_sentTrue() but it seems that the underscore is a problem (as mentioned in the documentation http://docs.spring.io/spring-data/elasticsearch/docs/current/reference/html/#repositories.query