heathharrelson
commented
3 years ago @hyt05 In case it's helpful, I had the same problem and resolved it using the scan_subdirectories option. Here's the relevant bit of my config.yaml:
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: rules
# Should ElastAlert recursively search the rules_folder
# for rule yaml files.
# Disabled because it causes errors when files are mounted
# from a Kubernetes config map.
scan_subdirectories: false
# ... rest of config
My configuration parameters
rules_folder Parameters: It will try to load every .yaml file in the folder.
I run elastalert into kubernetes 1.18.3, and the rules file is mounted as configmap. But kubernetes will create two hidden folders in this directory ("/opt/elastalert/rules"), which are "..2021_02_02_02_32_32.793023263" and "..data". These two folders cause elastalert to retrieve these two folders. Yaml in two directories, because the rule names cannot be the same, it will stop running. Is there any good solution?