Questions tagged [elastalert]

ElastAlert is a framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

ElastAlert is an open-source library from Yelp, built in Python, that can be used to create alerts on top of Elasticsearch. Alerts can be delivered by email, JIRA, Slack, HipChat and many other channels.

https://elastalert.readthedocs.io/en/latest/elastalert.html

143 questions
23 votes, 1 answer

query malformed, no start_object after query name

I am running this query against AWS Elasticsearch 5.1 and getting a malformed query error. Here is the body of the request. I am basically just checking if the field exists during the time range. { "query": { "bool": { "filter": { …
lorem
12 votes, 1 answer

Customize the information in an alert received by elastalert plugin for elasticsearch

I have configured elastalert instance with my elasticsearch host. I have also created an example rule which will be checking for loglevel and alert when that pattern is matched in the logs. Everything is working fine, I am getting the alerts on my…
XOR-Manik
9 votes, 3 answers

How to solve "Error connecting to SMTP host: [Errno 10061] No connection could be made because the target machine actively refused it"?

I am creating an application where I need to send mail for some particular logs. Here is my rule file: es_host: localhost es_port: 9200 name: Log Level Test type: frequency index: testindexv4 num_events: 1 timeframe: hours: 4 filter: - term: …
Deva
5 votes, 3 answers

Elastalert default install location

I followed this URL to install Elastalert; however, I don't even know where that config.yaml.example file is located. Where does Elastalert get installed by default? Am I missing anything?
windowws
4 votes, 1 answer

Elastalert rule for disk space

I am monitoring disk space usage using metricbeat. Now I want alerts via Elastalert depending on the disk size. Alert when disk space used crossed 50% Alert when disk space used crossed 70% Alert when disk space used crossed 80% Alert when disk…
Debashish Sen
4 votes, 1 answer

Monitoring JHipster error starting jhipster-alerter

I have installed monitoring out of the box according to this link: http://www.jhipster.tech/monitoring/ When I start with: docker-compose up -d Everything starts but not Elastalert: First log: ERROR: for monitoring_jhipster-alerter_1 Cannot start…
powder366
3 votes, 1 answer

Elastalert simplified multiple rules in one file

I'm writing Elastalert rules for heartbeat, i.e. if a service or machine is down, I should get notified. Right now I can create one rule per service per file, like below. name: My Alert type: frequency index: heartbeat-* num_events: 5 timeframe: …
Veerendra K
3 votes, 1 answer

Adding Plugin to Kibana Image in docker-compose.yml

I am new to using docker and trying to add the elastalert plugin to my kibana image. I am using Kibana 7.0.1 and Elasticsearch 7.0.1 and trying to use the elastalert 7.0.1 kibana plugin from github. When I run docker-compose up using the below…
imapotatoe123
3 votes, 0 answers

Elastalert for no logs in 5 minutes

I am trying to write an Elastalert rule for the condition: if there is no log coming from an application for 5 minutes, it should raise an alert. I tried the following rule but it is not working. Is there something I am missing in the syntax or the…
Arnav Bose
3 votes, 0 answers

How to resolve 'Error connecting to SMTP host' in elastalert?

I am creating an application where I need to trigger a mail on particular event. When I run following command, python -m elastalert.elastalert --verbose --rule myrules\myrule.yml I get the error as ERROR:root:Error while running alert email:…
Deva
3 votes, 0 answers

Why is it giving a 'No mapping found for [alert_time] in order to sort on' error while running elastalert?

I am creating an application where I need to send a mail with elastalert. When I run command python -m elastalert.elastalert --verbose --rule myrules\myrule.yaml to trigger the rule, I am having an exception as…
Deva
3 votes, 1 answer

How to adjust Kibana Dashboard link in ElastAlert

I have written the following rule type: frequency filter: - query: query_string: query: "category:foo.bar AND msg._:*Failure*" alert_text: "Total number of errors cross threshold..... Kibana link" alert_text_args: -…
Knows Not Much
3 votes, 1 answer

How to have elastalert trigger when the sum of a field, for all documents that match a query, exceeds some value

Can elastalert be triggered when the sum of a field for all documents that match a query exceeds some value? Say each document has a "price" value - Can elastalert be triggered when the sum of the "price" values over the last day exceeds 200, for…
Jim
2 votes, 1 answer

Kibana Error Alerting - Filter Similar Error Messages | Similarity Query [Elastalert]

My goal is to be alerted for unique error types only (Elasticsearch 6.8 + Elastalert). Example error logs (5 documents, same index, same field): Error 9837 in Component X trying to reconnect in 9.3 seconds Error 9837 in Component X trying to…
Martin Jaskulla
2 votes, 0 answers

How to use wildcard in elastalert rules

I need help in ELASTALERT. I have a log message like this: log.info("Server is started at "+LocalDateTime.now()); and I need to write a query in a rule for it. I am writing it as - query: query_string: query: "message: *Server is*" It…
user14748001