Questions tagged [elastalert]

ElastAlert is a framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

ElastAlert is an open source library from Yelp, built in Python, which can be used to create alerts on top of Elasticsearch. These alerts can be sent via email, JIRA, Slack, HipChat and many more.

https://elastalert.readthedocs.io/en/latest/elastalert.html

143 questions
2 votes, 1 answer

Elastalert fails importing monotonic from time in module stomp

Looks like since 2020 elastalert fails when it's imported log says: cannot import monotonic from time
xpeiro
2 votes, 1 answer

ElastAlert and changing E-mail content

I've just gotten started with ElastAlert and I love it. I have an application up and running that basically sends me e-mails. My problem now is that the e-mails contain a whole bunch of unnecessary information that I would like to remove. I've…
Prince of Sweden
2 votes, 0 answers

Alerting on sum of value of two fields in a document using Elast Alert

I want to alert on sum of two fields. Each document will have only one of the two fields. Ex: { "number1" : 30 } { "number2": 20 } Above are the two documents under same index, I want to alert if sum(sum(number1),sum(number2) in last one hour…
Monk
2 votes, 0 answers

Elastalert - Aggregation issues

I am using Elasticsearch and Elastalert to send simple alerts to my slack channel. Everything was fine until I started using aggregation and now it says that alert_sent:false. I read some questions about aggregation not alerting. Is there a way to…
Doris
2 votes, 3 answers

Elastalert rule for CPU usage in percentage

I am facing issue with elastalert rule for CPU usage (not load average). I am not getting any hit and match. Below is my .yaml file for CPU rule: name: CPU usgae type: metric_aggregation index: metricbeat-* buffer_time: minutes: 10 metric_agg_key:…
Tekchand Dagar
2 votes, 1 answer

Email sending error in elastalert. SMTPSenderRefused: (530, '5.5.1 Authentication Required)

I got a Gmail authentication error. My config and error message are as below. I already allowed less secure apps in Gmail. Config.yaml file email section as below: name: frequency_rule type: frequency index: security num_events: 50 timeframe: …
CVN-92
2 votes, 1 answer

Unable to access data inside alert section of elastalert

I have been trying to set up elastalert monitoring on my ELK stack. For the beginning I want to set up a simple rule which will generate a notification if any disk on the file system has reached 80% usage. The rule seems to be working correctly but…
shshnk
2 votes, 1 answer

How can I configure Config.yaml in ElastAlert?

I am completely new to using ElastAlert. I am trying to use ElastAlert for sending an email when no log is sent to Logstash from my client server. I have successfully installed ElastAlert on my master server. However, when I run…
A.Mani
2 votes, 1 answer

Elastalert whitelist/blacklist not working

So I have a certain query running in (Yelp's) Elastalert and I am trying to filter out logs containing one of several keywords. If I use the any rule type, I get a set of 30 matches to the certain query I have. When I change the ruletype to…
TallChuck
2 votes, 1 answer

"HTTP:400 project is required" error while creating JIRA alert using Yelp ElastAlert library

While creating JIRA alert using ElastAlert library facing issue ERROR:root:Error while running alert jira: Error creating JIRA ticket: HTTP 400: "project is required" Though I have configured the jira_project property below is content of my…
Vaibhav Tupe
2 votes, 3 answers

Query a specific time-range and alert at specific time of the day

I need to run a rule at 2 am, querying logs from 0 to 2 am, and alert if matches are found. So far all the rules I created are frequency rules, but I don't know how to achieve the specific time range for the query, and a specific time for the alert,…
Sebastian Slutzky
2 votes, 2 answers

ElastAlert not working

I am trying to make a rule on elastAlert. Config.yaml rules_folder: example_rules run_every: minutes: 1 buffer_time: minutes: 1 es_host: localhost es_port: 9200 writeback_index: elastalert_status alert_time_limit: days:…
Priyansh Goel
2 votes, 1 answer

Aggregate values in ElastAlert rules

I need to write an ElastAlert rule that aggregates the values of events. The 'value' is one of fields in the ES document. For example, I need the total of all values, or the average. I'm new to Python so was wondering if there are examples for such…
bbk007
1 vote, 1 answer

The version of Python 3 and ElastAlert

I have Python 3.10 installed on my Ubuntu 22.04 and I want to install ElastAlert. In the doc, it requires Python 3.6. Should I change the version to 3.6 or not? https://elastalert.readthedocs.io/en/latest/running_elastalert.html#
1 vote, 0 answers

Which version of Python does ElastAlert need to be installed on Ubuntu 22.04?

Does ElastAlert need Python 3.6 exactly, or does any version of Python work? I see in the ElastAlert doc that it requires Python 3.6 ...? https://elastalert.readthedocs.io/en/latest/running_elastalert.html#