Questions tagged [elastalert]

ElastAlert is a framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

ElastAlert is open source library from Yelp built using python, which can be used to create alerts on top of Elasticsearch. These alerts can be email, JIRA , slack, hipchat and many more.

https://elastalert.readthedocs.io/en/latest/elastalert.html

143 questions

votes

1 answer

Elastalert in Openshift Origin Container

I would like to implement alerts for EFK stack, which is deployemnt in Openshift origin. To implement alerts, i used Elastalert. I used the krizsan/elastalert-docker docker image for it. oc run elastalertcore…

elasticsearch openshift-origin elastalert

asked Jun 21 '17 at 13:28

expuser111

votes

1 answer

ElastAlert ImportError: DLL load failed: The specified procedure could not be found

I'm having trouble running elastalert. This is the error I'm getting. I'm able to create an index, but I'm not sure what I'm missing as I can't run it. Thanks.

elasticsearch elastalert

asked May 23 '17 at 15:29

user3128376

votes

1 answer

How to call elasticsearch - ELK - API from elastalert?

This may not be right place to ask this question. But I could not find articles to do so. I have below packages installed on CentOS. Elasticsearch (I don't need it as I am trying to talk to ELK stack cluster using an API. I don't want ealsticsearch…

elasticsearch elastic-stack elastalert

asked Apr 19 '17 at 21:11

user3709172

votes

1 answer

custom fields in elastalert index created in elasticsearch

ElastAlert updates metadata related to the rules in the elastalert_status index in the elasticsearch. The fields available in that index have fields like:…

elasticsearch logstash alert kibana-5 elastalert

asked Apr 18 '17 at 07:25

v_sukt

1,384
1
10
21

votes

2 answers

Elastalert creating index not working

I'm installing elastalert in my local installation of ELK. When I run the command 'elastalert-create-index' I got this error message: Traceback (most recent call last): File "C:\Python27\Scripts\elastalert-create-index-script.py", line 11, in…

elasticsearch elastalert

asked Apr 06 '17 at 10:37

moictab

votes

1 answer

Creating % based alerts with elastalert

Currently with rule type Frequency(or any other), we can configure count based alerts. ex. if Error=404, occurs more than 5 times in last 1 hour. But I want to configure % based alerts and not count based alert. ex. If Error=404 goes beyond 10% in…

elasticsearch alert elastalert

asked Feb 22 '17 at 01:29

Vaibhav Tupe

votes

1 answer

How to incorporate script to spike elastalert

I want to setup an alert to notify me when an spike occurs. My data is structured as such: "_source": { "@timestamp": 2016-11-23T18:30:45.233Z, "invalid_request": 400, "total_request": 40000 } I want to setup…

elasticsearch elastic-stack elastalert

asked Nov 28 '16 at 23:51

Willam Marston

votes

1 answer

Generate a new email for each hit in elastalert

I am using ElastAlert for alerting via email when there is an error every 10 mins. There is an errorCode for each error. Is it possible to generate an email for each errorCode?

elastalert

asked Oct 06 '16 at 05:33

warrior107

votes

1 answer

ElastAlert splits the field

I am using ElastAlert to notify my consumers if an error occurs in past 10 mins. I want to send list of errors which occurred. But the items in the list are split into two if there is hyphen ('-') present in errorCode This is result I…

elasticsearch elastalert

asked Sep 30 '16 at 06:45

warrior107

votes

2 answers

ElastAlert Bash Startup Script Centos 7

I am trying to write a startup script that starts elastalert as a service. elastalert uses python and starts as follows: python -m elastalert --verbose --rule rules_folder/frequency.yaml --config config.yaml I've been trying to make it work with…

python bash shell elasticsearch elastalert

asked Sep 06 '16 at 15:14

rahrahruby

votes

2 answers

ElastAlert no hits

The following are my config.yaml and frequency.yaml config.yaml rules_folder: rules_folder run_every: seconds: 15 buffer_time: minutes: 1 es_host: localhost es_port: 9200 writeback_index: elastalert_status alert_time_limit: days:…

elasticsearch elastalert

asked Sep 02 '16 at 15:46

rahrahruby

votes

1 answer

Elastalert not alerting via email?

I am trying to utilize a simple rule using Elastalert, and it seems to not be functioning properly. My rule is: name: termrule type: Any index: logstash-* fields: - "ip" filter: - term: _type: "log" - term: agentip: 1.2.3.4 alert: email: -…

python elasticsearch elastalert

asked Aug 09 '16 at 03:50

georgetovrea

votes

1 answer

Alerts in elastalert are silenced when shouldn't

I want to receive alert for each hit of query. I use rule with "any" type. Documentation says set realert to 0 so I added next lines to config.yaml: realert: minutes: 0 but I still see in logs INFO:elastalert:Queried rule Client errors from…

elasticsearch elastalert

asked Jul 28 '16 at 21:52

4ybaka

2,954
4
16
21

votes

2 answers

How to run mutiple ElastAlert rules

I am learning to use ElastAlert. I would like to run multi cardinality rule by ElasAlert or using a better solution. For example, filter: - query: query_string: query: "message: *A*" filter: - query: query_string: query:…

elasticsearch logstash elastalert

asked Jun 28 '16 at 13:51

alan

votes

1 answer

Configure elastalert for remote elasticsearch cluster

I discover Elastalert and I installed it in my server. In this server there are only Kibana and elastalert install. When I start Elastalert with the following command : elastalert --es_debug_trace ./elastalert.log --rule…

elasticsearch elastalert

asked Jun 16 '16 at 13:35

C Barbaza

Prev 1 2 3

…

10 Next