elastalert

How to have elastalert trigger when the sum of a field, for all documents that match a query, exceeds some value

北城余情 submitted on 2019-12-10 19:25:12
Question: Can elastalert be triggered when the sum of a field for all documents that match a query exceeds some value? Say each document has a "price" value. Can elastalert be triggered when the sum of the "price" values over the last day exceeds 200, for example?

Example document:

{ type: "transaction", price: 20.32 }

Example rule in English: the sum of all documents where type = 'transaction' over the past hour exceeds 200.

Answer 1: This is not supported out of the box by ElastAlert. There's an open

Customize the information in an alert received by elastalert plugin for elasticsearch

佐手、 submitted on 2019-12-01 18:11:17
I have configured an elastalert instance with my elasticsearch host. I have also created an example rule which checks for loglevel and alerts when that pattern is matched in the logs. Everything is working fine; I am getting the alerts on my slack channel correctly. The only concern is the information/data in the alert which I am receiving. The elastalert plugin is sending all the attributes associated with the pattern I am looking for, but I am not interested in all the information. All I care about is some particular attributes. Here is an example of my rule: # Alert when the

Customize the information in an alert received by elastalert plugin for elasticsearch

 ̄綄美尐妖づ submitted on 2019-12-01 16:40:07
Question: I have configured an elastalert instance with my elasticsearch host. I have also created an example rule which checks for loglevel and alerts when that pattern is matched in the logs. Everything is working fine; I am getting the alerts on my slack channel correctly. The only concern is the information/data in the alert which I am receiving. The elastalert plugin is sending all the attributes associated with the pattern I am looking for, but I am not interested in all the information.

How to solve "Error connecting to SMTP host: [Errno 10061] No connection could be made because the target machine actively refused it"?

别说谁变了你拦得住时间么 submitted on 2019-11-27 18:17:35
Question: I am creating an application where I need to send mail for some particular logs. Here is my rule file:

es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
  hours: 4
filter:
- term:
    log_level.keyword: "ERROR"
- query:
    query_string:
      query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"

Here is the config.yaml:

rules_folder: myrules
run_every:
  seconds: 2
buffer_time:
  seconds: 10
es_host: localhost
es_port: