I am still new to HELK, but I'm getting the hang of it. Currently I am trying to use the ElastAlert function in HELK. I have already followed every step from an article that I found, but the alerts are still not being sent to my Slack channel / to me. All of HELK is set up and running on Docker. Every time I make a change to the YAML file I kill the Docker container and start it back up, but still nothing happens. This is my configuration:
helk-elastalert:
  image: otrf/helk-elastalert:latest
  container_name: helk-elastalert
  logging:
    driver: "json-file"
    options:
      max-file: "5"
      max-size: "6m"
  restart: always
  depends_on:
    - helk-logstash
  environment:
    ES_HOST: helk-elasticsearch
    ES_PORT: 9200
    SLACK_WEBHOOK_URL: https://hooks.slack.com/services/<random-string>/<random-string>/<random-string>
  networks:
    helk:
This is his configuration:
helk-elastalert:
  build: helk-elastalert/
  container_name: helk-elastalert
  restart: always
  depends_on:
    - helk-elasticsearch
    - helk-kibana
  environment:
    ES_HOST: helk-elasticsearch
    ES_PORT: 9200
    SLACK_WEBHOOK_URL: https://hooks.slack.com/XXXXXXXXXXXXXX
  networks:
    helk:
*Please note that this is an old article, so my configuration may be a bit different from his.
There is also a script that he created to add the slack_webhook_url to the ElastAlert rule, but when I try to run this script only the "# *********** Setting Slack Integration **************" part does not run. I have no idea how to make it work. Please help me.
This is how the output should look in Kibana:
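As an added example (this is not HELK's own entrypoint script and not the script from the article), here is a small Python program that does what that "Setting Slack Integration" step is meant to do: read SLACK_WEBHOOK_URL from the container environment and write it into every ElastAlert rule whose `alert` list includes `slack`. `alert` and `slack_webhook_url` are real ElastAlert rule keys; `RULES_DIR`, the default `/etc/elastalert/rules` path, and the sample rule text are assumptions made for the example.

```python
"""Inject SLACK_WEBHOOK_URL into ElastAlert rule files that alert to Slack.

Added example, not HELK's script. Assumed (hypothetical) layout: rule files
live in RULES_DIR (default /etc/elastalert/rules) and the webhook comes from
the SLACK_WEBHOOK_URL environment variable, as in the compose file above.
"""
import os
import re
import sys
from pathlib import Path

DEFAULT_RULES_DIR = "/etc/elastalert/rules"  # assumption, not HELK's path

# Existing top-level or indented slack_webhook_url line; group 1 keeps indentation.
WEBHOOK_LINE_RE = re.compile(r"^([ \t]*)slack_webhook_url:.*$", re.MULTILINE)
# Top-level `alert:` key and whatever follows it on the same line.
ALERT_KEY_RE = re.compile(r"^alert:[ \t]*(.*)$", re.MULTILINE)

# Constructed sample rule (block-list form of `alert`), used for the self-test.
SAMPLE_RULE = """\
name: Constructed sample rule
type: any
index: logs-endpoint-winevent-sysmon-*
filter:
  - query:
      query_string:
        query: 'event_id:1'
alert:
  - slack
slack_username_override: HELK
"""


def looks_like_slack_webhook(url: str) -> bool:
    """Slack incoming webhooks are always served from hooks.slack.com."""
    return url.startswith("https://hooks.slack.com/")


def uses_slack(rule_text: str) -> bool:
    """True if the rule's `alert` setting names the slack alerter.

    Handles `alert: slack`, `alert: [slack, email]` and the block-list form
    (`alert:` followed by `- slack` lines).
    """
    m = ALERT_KEY_RE.search(rule_text)
    if not m:
        return False
    inline = m.group(1).strip()
    if inline:
        return re.search(r"\bslack\b", inline) is not None
    for line in rule_text[m.end():].splitlines():
        if not line.strip():
            continue
        item = re.match(r"^[ \t]*-[ \t]*(\S+)", line)
        if not item:
            break  # end of the list block
        if item.group(1) == "slack":
            return True
    return False


def set_slack_webhook(rule_text: str, webhook_url: str) -> str:
    """Return rule_text with slack_webhook_url set; untouched if no slack alert.

    An existing slack_webhook_url line is replaced in place (so rerunning the
    script after rotating the webhook does not duplicate it); otherwise the
    key is appended at top level.
    """
    if not uses_slack(rule_text):
        return rule_text
    new_line = f"slack_webhook_url: {webhook_url}"
    if WEBHOOK_LINE_RE.search(rule_text):
        return WEBHOOK_LINE_RE.sub(lambda m: m.group(1) + new_line, rule_text)
    if rule_text and not rule_text.endswith("\n"):
        rule_text += "\n"
    return rule_text + new_line + "\n"


def apply_to_dir(rules_dir: str, webhook_url: str) -> list:
    """Rewrite every *.yml / *.yaml rule under rules_dir; return changed paths."""
    changed = []
    for path in sorted(Path(rules_dir).glob("*.y*ml")):
        original = path.read_text()
        updated = set_slack_webhook(original, webhook_url)
        if updated != original:
            path.write_text(updated)
            changed.append(str(path))
    return changed


def main() -> int:
    webhook = os.environ.get("SLACK_WEBHOOK_URL", "")
    if not looks_like_slack_webhook(webhook):
        print("SLACK_WEBHOOK_URL is missing or not a hooks.slack.com URL", file=sys.stderr)
        return 1
    rules_dir = os.environ.get("RULES_DIR", DEFAULT_RULES_DIR)
    for changed in apply_to_dir(rules_dir, webhook):
        print(f"set slack_webhook_url in {changed}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Two checks worth doing before touching the rules: confirm the variable actually reached the container (`docker exec helk-elastalert env | grep SLACK_WEBHOOK_URL`) and confirm the webhook itself works independently of ElastAlert by posting a JSON body such as `{"text":"test"}` to it with curl; if that post does not show up in Slack, no rule will either.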