Questions tagged [elastalert]

ElastAlert is a framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

ElastAlert is an open-source library from Yelp, written in Python, that creates alerts on top of Elasticsearch. Alerts can be delivered by email, JIRA, Slack, HipChat and many other channels.

https://elastalert.readthedocs.io/en/latest/elastalert.html

143 questions
1 vote, 1 answer

Elastalert rule for different messages

I want to find and alert on events with this rule: filter: - query: query_string: query: "message: *tried to login* OR message: *invalid username or password* OR message: *incorrect login attempts* OR message: *Couldn't find user…
sadux
1 vote, 0 answers

Elastalert unable to change the default UTC timezone

I am using ElastAlert in Docker. In my Dockerfile I have set the timezone; however, when I test a rule it is using UTC. How can we modify it? Dockerfile ENV TZ=""
josh
1 vote, 0 answers

ElastAlert frequency rule not getting any hit/find

I am unable to get any hits for a frequency rule. I took the boilerplate code from ElastAlert and updated the host, port, index and query. Next I posted some data into Elasticsearch for which I want an email to be sent once ElastAlert picks it up. But ElastAlert…
Aamir Sheraz
1 vote, 0 answers

Elastalert Multiple Queries(hits) Count Value

I have been working on an elastalert frequency rule. I want to show the count of 3 types of hits in a single rule in my slack alert body. Is there any way to segregate the counts for each hit or create any scripted field to show the counts of the…
1 vote, 0 answers

ElastAlert got 0 hits

I'm working on sending Kibana email alerts using Elastalert. I did all the setup and postfix is also working fine but I'm getting no hits and alerts. The following are my config.yaml and frequency.yaml: frequency.yaml # Rule name, must be…
Hidden
1 vote, 1 answer

Elastalert: How to run rule periodically

We are using ElastAlert for alerting on Elasticsearch data. I want to run a rule periodically, i.e. the rule should run every hour (1AM, 2AM,... 23PM) of the day. We are using the below code snippet for this. name: Test Alert type: frequency index:…
itsvks
1 vote, 0 answers

More than one example_frequency.yaml in Elastalert

I am working on ElastAlert. I am able to send email alerts whenever my condition matches. Now my use case is that I want to send an email whenever any error is encountered. So if it's an error, the email body should be "ERROR OCCURRED"; else if it's…
1 vote, 1 answer

Elastalert filter on log levels and send an email

I have some questions about ElastAlert which are really making me stuck. Your help is really needed as I am in the middle of an issue. My questions are below: Is there any way we can filter on the basis of log level or severity? Is there any way for…
1 vote, 1 answer

Unable to start ElastAlert : Only timezones from the pytz library are supported

Unable to test a rule in Elastic; I am running the following command in the terminal: elastalert-test-rule --config config.yaml example_rules/example_frequency.yaml File "/usr/local/bin/elastalert-test-rule", line 11, in
Tech Geek
1 vote, 0 answers

Set time for ElastAlert Slack notification

I have ElastAlert set up and all of my alerts come in once per day with aggregation set to days:1. But I get the alert in the evening, and I'd prefer to get the Slack alert in the morning with the alerts from the previous 24 hours included. Can I set the…
1 vote, 0 answers

Elastalert : Alert if match found in specific path

I have configured ElastAlert for alerting on simple pattern matches. For one of our CRM services, we have multiple middleware components with the same match keywords (error codes: 404, 400, 500 etc.). Is there a way I can query for a match from a…
Pavan924
1 vote, 0 answers

Send email from Kibana Canvas

I am using free ELK Stack 7.3.2 for process monitoring. Using Kibana Canvas for visualization of my uptime messaging. Here are the sample…
Boris Kleynbok
1 vote, 2 answers

ElastAlert triggering every 5 minutes for a certain rule even though realert is set at 60 mins

I have an ElastAlert rule with type frequency. If the number of hits is 1000 or more in 60 minutes, it should trigger the alert. The issue is, the moment it reaches 1000 hits within 5-6 minutes, it's triggering the alert instead of waiting for the…
Arnav Bose
1 vote, 1 answer

How to fix "ImportError: No module named error"

I installed ElastAlert from git clone https://github.com/Yelp/elastalert.git and integrated it with Slack, but when I try to run ElastAlert using the command python -m elastalert.elastalert --verbose --rule example_frequency.yaml I am getting this…
Priyanka
1 vote, 0 answers

"No module named error" when trying to run ElastAlert

When I try to run ElastAlert with python -m elastalert.elastalert --verbose --start 2019-09-04 --rule rules/rule.yaml --config config.yaml I get the following error. Traceback (most recent call last): File "/usr/lib/python2.7/runpy.py", line 174, in…
Nu-ONE