Below are my rule configs. The problem is I am unable to receive emails after the first one or two emails. Elastalert2 is running and it prints "match found" but doesn't send an alert, except the first alert when I started running the rule. The last email I received was 19 hours ago and no emails after that, although matches are found and the elastalert2 rule is running constantly.
es_host: localhost
es_port: 9200
# Rule name, must be unique
name: Platform aggrigation rule prod Oct13
type: any
index: new-logstash*
aggregation:
  schedule: '0 */12 * * *'
filter:
  - term:
      loglevel.keyword: "ERROR"
  - terms:
      servicename.keyword: ["postoffice", "pqrs"]
#  - query:
#      query_string:
#        query: "message: enrolled"
# (Required)
# The alert is used when a match is found
alert:
  - "email"
from_addr: "devtest@abc.com"
# (required, email specific)
# a list of email addresses to send alerts to
email:
  #- "aamir.xyz@abc.net"
  - "team@abc.net"
email_format: html
smtp_host: "mail.abc.com"
#smtp_host: "smtp.gmail.com"
smtp_port: 587 #for google email addresses
smtp_ssl: false
smtp_auth_file: "smtp_auth_file.yaml"
alert_subject: "Error Alert"
alert_text_type: alert_text_only
alert_text_args: ["loglevel","host.hostname","logtime","messageDetails", "servicename"]
alert_text: <html>
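One thing worth checking when reading a rule like the one above: in ElastAlert (and ElastAlert2) the `aggregation` option with a `schedule` key holds every match and sends a single aggregated alert only when the cron expression fires, so "match found" log lines between fire times do not produce an email of their own. The script below is an added example, not part of the original post or of the ElastAlert2 project; it is a small standard-library-only cron matcher (hypothetical helper names `parse_cron`, `next_fire`, `flush_times`) that lists when a schedule such as `'0 */12 * * *'` would next flush aggregated matches, so you can compare those times with the last email you actually received.

```python
"""
Added example: when does an ElastAlert2 `aggregation: schedule` cron fire?
Stdlib only; helper names are hypothetical and not ElastAlert2 API.
"""
from datetime import datetime, timedelta


def _expand_field(field: str, lo: int, hi: int) -> set:
    """Expand one cron field ('*', '*/12', '1,5', '2-4', '7') into a set of ints."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_s = part.split("/", 1)
            step = int(step_s)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = end = int(part)
            if step != 1:  # "5/10" means start at 5 and step by 10 up to the field max
                end = hi
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr: str):
    """Parse 'min hour dom month dow' into five sets of allowed values."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 cron fields, got %d" % len(fields))
    minute, hour, dom, month, dow = fields
    return (
        _expand_field(minute, 0, 59),
        _expand_field(hour, 0, 23),
        _expand_field(dom, 1, 31),
        _expand_field(month, 1, 12),
        _expand_field(dow, 0, 6),  # cron: 0 = Sunday; Python weekday(): 0 = Monday
    )


def next_fire(expr: str, after: datetime, limit_days: int = 366) -> datetime:
    """Return the first whole minute strictly after `after` on which `expr` fires."""
    minutes, hours, doms, months, dows = parse_cron(expr)
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    end = after + timedelta(days=limit_days)
    while t <= end:
        cron_dow = (t.weekday() + 1) % 7  # convert Monday=0 to cron's Sunday=0
        if (t.month in months and t.day in doms and cron_dow in dows
                and t.hour in hours and t.minute in minutes):
            return t
        t += timedelta(minutes=1)
    raise ValueError("no fire time within %d days" % limit_days)


def flush_times(expr: str, start_iso: str, count: int) -> list:
    """
    List the next `count` aggregation flush times after `start_iso`
    (an ISO-8601 timestamp), as ISO-8601 strings. Matches seen between two
    consecutive entries are held and emailed together at the later one.
    """
    out = []
    t = datetime.fromisoformat(start_iso)
    for _ in range(count):
        t = next_fire(expr, t)
        out.append(t.isoformat())
    return out


if __name__ == "__main__":
    # Constructed sample: a match logged at 08:30 under the rule's 12-hour schedule.
    for ts in flush_times("0 */12 * * *", "2023-10-13T08:30:00", 3):
        print(ts)
```

If the gaps between the printed flush times line up with the silence you are seeing (one email per 12-hour window, containing all matches from that window), the rule is behaving as configured; removing the `aggregation` block, or shortening its schedule, changes how often the email goes out rather than whether matches are detected.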