Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

Is it possible to store Alerts to Elasticsearch? #2048

Open programmer74SHA opened 5 years ago

programmer74SHA commented 5 years ago

Hi all, is it possible to store alerts to Elasticsearch? I want to store alerts to Elasticsearch but I have the following error. Can anyone help?

name: save_to_elasticsearch
is_enabled: True
type: frequency
num_events: 2
priority: 3
timeframe:
  seconds: 1800

filter: 
- query:
    query_string:
      query: "event.plugin_id:1510 AND event.plugin_sid:8965"
index: "siem-event-*"
alert:
 - post

alert_text_type: alert_text_only

http_post_all_values: False
http_post_headers:
 content-type: "application/json"

http_post_url: "https://alert:password@localhost:9200/alerts/doc"

 "alert_exception" : "Error posting HTTP Post alert: 400 Client Error: Bad Request for url: http://alert:password@localhost:9200/alerts/doc" 
abhishekjiitr commented 5 years ago

ElastAlert stores every alert it triggers automatically to the Elasticsearch Writeback Index (by default the index is elastalert) specified in the config file. See ElastAlert Metadata Index Documentation for more details. No need to send alert information using http post alert type. In case you want to do it using http post alert type, you have to use Basic Authentication to post data to Elasticsearch as opposed to just embedding username & password in the post_url itself.
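Since the alerts already land in the writeback index, the practical follow-up is to read them back from there, for instance to spot deliveries that failed the way the one in this issue did. The script below is an added example, not ElastAlert's own code; it assumes the writeback documents carry the fields `rule_name`, `alert_time`, `alert_sent` and `alert_exception` (as in the error shown above), and the search reply it parses is constructed inline so nothing contacts a cluster.

```python
"""Added example (not part of ElastAlert): query and summarise alerts that
ElastAlert wrote to its writeback index, instead of re-posting them over HTTP.

Assumed (labelled) field names: rule_name, alert_time, alert_sent,
alert_exception, match_body. SAMPLE_RESPONSE is a constructed _search reply.
"""
from collections import defaultdict


def failed_alert_query(rule_name=None, since="now-1d"):
    """Build an Elasticsearch query body for alerts whose delivery failed:
    alert_sent is false and an alert_exception was recorded."""
    must = [
        {"range": {"alert_time": {"gte": since}}},
        {"term": {"alert_sent": False}},
        {"exists": {"field": "alert_exception"}},
    ]
    if rule_name:
        must.append({"term": {"rule_name": rule_name}})
    return {"query": {"bool": {"must": must}},
            "sort": [{"alert_time": {"order": "desc"}}]}


def summarize_failures(response):
    """Group failed alert documents by rule name from a raw _search reply.
    Returns {rule_name: [alert_exception, ...]}; sent alerts are skipped."""
    failures = defaultdict(list)
    for hit in response.get("hits", {}).get("hits", []):
        src = hit["_source"]
        if src.get("alert_sent") is False and src.get("alert_exception"):
            failures[src["rule_name"]].append(src["alert_exception"])
    return dict(failures)


# Constructed sample reply mirroring the failure reported in this issue.
SAMPLE_RESPONSE = {
    "hits": {"hits": [
        {"_source": {"rule_name": "save_to_elasticsearch",
                     "alert_time": "2019-01-01T10:00:00Z",
                     "alert_sent": False,
                     "alert_exception": "Error posting HTTP Post alert: 400 Client Error",
                     "match_body": {"event.plugin_id": 1510}}},
        {"_source": {"rule_name": "other_rule",
                     "alert_time": "2019-01-01T09:00:00Z",
                     "alert_sent": True,
                     "match_body": {}}},
    ]}
}

if __name__ == "__main__":
    print(failed_alert_query("save_to_elasticsearch"))
    print(summarize_failures(SAMPLE_RESPONSE))
```

Against a live cluster, pass `failed_alert_query(...)` as the body of a search on your configured writeback index (the default name is `elastalert_status` in the example config) and feed the reply to `summarize_failures`.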

fbaligand commented 5 years ago

It would be great to add a specific alert type elasticsearch to be able to define a custom index, and custom fields based on alert information.