Questions tagged [elastalert2]

For questions regarding ElastAlert 2, a continuation of the original ElastAlert, which is a framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. If you're running ElastAlert 2 as a Docker container, consider adding the [docker] tag.

16 questions
0 votes, 0 answers

Add multiple filter in ElastAlert

We have 2 fields in Elasticsearch: api_status = 400 or 200 or 500, api_url = /v1/myapi.com. In ElastAlert, how can I get the filter to fetch if all status=400 that are coming for all events with api_url within 10min are 5% of the total…
Vaibhav
0 votes, 0 answers

Elastalert2 WARNING:apscheduler.scheduler skipped: maximum number of running instances reached

I am trying to run elastalert2 on my CentOS 8 machine, and I get this error while doing so: WARNING:apscheduler.scheduler:Execution of job "Rule: Testing Email Alert (trigger: interval[0:00:05], next run at: 2023-07-10 15:31:11 IST)" skipped:…
0 votes, 0 answers

elastalert-kibana plugin issue Cannot read properties of undefined (reading 'sort')

I am facing an issue with the elastalert-kibana plugin with Kibana version 8.5.1, where I am getting the below error while accessing ElastAlert from the Kibana home page in order to monitor ElastAlert rule alerts: undefined - undefined Cannot read properties of…
0 votes, 0 answers

elastalert2 not sending email from O365 email address

I am trying to set up ElastAlert for my Elasticsearch cluster to send an email alert when a specific threshold is met, but I always get the below message: "INFO:elastalert:Ran Example frequency rule from 2023-03-08 21:38 UTC to 2023-03-08 21:38 UTC: 0…
0 votes, 0 answers

Elastalert ignores the documents that are already processed/seen in previous overlapping query

From the ElastAlert documentation, I found that by default ElastAlert ignores the documents that were already processed/seen in a previous overlapping query. 'Already seen' refers to documents that were already counted in a previous overlapping query and…
Anonymous
0 votes, 0 answers

Elastalert on Aggregate response of an Index

Can someone please help me configure an ElastAlert rule: Index: elastalert_status, aggregated on the "rule_name" field. Task: when the aggregated count response of rule_test_1 and rule_test_2 is at least "1". Aggregation query: GET elastalert_status/_search { "aggs": { …
0 votes, 0 answers

How to use Barito JSON key in alert message of ElastAlert

I have set up alerting in Kibana using the ElastAlert plugin. I have set up the Slack integration, which works well. I would like to have a custom message and use the JSON key's value, but I am getting an error when the message is posted…
Malav Soni
0 votes, 1 answer

ElastAlert2 No mapping found

I'm trying to set up ElastAlert for OpenSearch 2.8. I wrote this config: # This is the folder that contains the rule yaml files # Any .yaml file will be loaded as a rule rules_folder: /etc/elastalert/rules # How often ElastAlert will query Elasticsearch # The…
0 votes, 0 answers

Elastalert2 Message size exceeds maximum permitted exception and rule is disabled

I am getting the below-mentioned exception while running the rule. After this exception the rule becomes disabled. My requirement is either to ignore the exception and not disable the rule or fix the issue and not get this exception altogether. From…
Aamir Sheraz
0 votes, 0 answers

ElastAlert2 emails alerts not sending after first couple of triggers

Below are my rule configs. The problem is that I am unable to receive emails after the first one or two emails. Elastalert2 is running and it prints "match found" but doesn't send an alert, except for the first alert when I started running the rule. The last email I…
Aamir Sheraz
0 votes, 1 answer

Elastalert2 rules folder config not working

I'm using Elastalert2 now to get notifications from error logs in Slack. We need to receive alarms for all service logs through our dozens of rules. Docker builds ElastAlert2 and deploys it on ArgoCD. But there is a problem: the rules_folder…
0 votes, 0 answers

How can I write a rule for uptime monitoring (URLs) in elastalert2?

How can I write a rule for uptime monitoring (URLs) in elastalert2? Can you share any example?
terentius
0 votes, 0 answers

How many rules can elastalert load? Limit of the rules for ElastAlert

Loading how many rule files is advisable with a single-node elastalert? What is the hard limit for setting up rules? I have gone through the following link but didn't get any answer: https://gitter.im/Yelp/elastalert?at=56de6014b0cc3f1b4150f00e Can I…
0 votes, 1 answer

elastalert2 - alert text jinja templates - which variables are available?

I'd like to make our monitoring system a bit more "business user friendly". I am using elastalert2 for monitoring. The mails it generates by default are highly cryptic and my colleagues outside of technology do not understand them at all. I've been…
Matthias
-1 votes, 1 answer

How to run ElastAlert on Windows 12

Below is the stack trace I got when I ran the example rule. C:\Windows\system32>python -m elastalert.elastalert --verbose --rule example_frequency.yaml Traceback (most recent call last): File…
Aamir Sheraz