How to send alert_text_args containing time alert was sent

[pweir-123]

Is there an easy way to use alert_text_args and alert_text in a frequency rule to send the currenttime when the alert was sent. I tried alert_time but got MISSING_VALUE in the output.

Also tried alert_text_args : ["datetime.datetime.now().strftime(\"%Y-%m-%dT%H:%M:%S.%fZ\")"] but got 00:05:00 in the output of the alert which matches the timeframe?

I am trying to use elastalert to trigger a heartbeat event with a timestamp of when the event is sent rather than the matches from elasticsearch. thanks.

[nsano-rururu]

I am trying to use elastalert to trigger a heartbeat event with a timestamp of when the event is sent rather than the matches from elasticsearch.

Isn't it an elastalert question? .. Please close.

[pweir-123]

I do not understand why you say this is not an elastalert question?

We are using a set of elastalert rules to generate alerts to a kafka bus from indexes in an elasticsearch. These flow to a different system for processing. I am trying to leverage the same flow to measure latency and want to find out if there is a way to use similar elastalert rules but control the value of the timestamp that is sent so it can either be the timestamps from the ES matches or when the rule is actually executing?

[nsano-rururu]

It's a setting I've never used, but maybe the following settings are relevant. I'm sorry it didn't help much.

timestamp_format https://elastalert.readthedocs.io/en/latest/ruletypes.html#timestamp-format

[pweir-123]

thanks. That looks like a way to customize the format. My question is how to have elastalert send the current time value when the alert triggers rather than the formatting of that value?

I do see alert_time when I set the alert_text_type to default.

Is there any example that shows one how to select fields from the output of running elastalert-test-rule with a default alert_text_type in the corresponding alert_text_args so that they can be included in alert_text which is sent when the action triggers?

[nsano-rururu]

I feel that it is not a standard function. I feel like I have to make the rules myself.

elastalert_kafka https://github.com/0xStormEye/elastalert_kafka Adding a New Rule Type https://elastalert.readthedocs.io/en/latest/recipes/adding_rules.html ElastAlertの監視ルールを拡張してすこしだけ幸せになる https://qiita.com/ihsiek/items/e8e89b274e99e48067a2

[hanjiangxue20]

You can try this: https://elastalert.readthedocs.io/en/latest/recipes/adding_enhancements.html

class MyEnhancement(BaseEnhancement): def process(self, match): match['@timestasmp'] = datetime.datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%fZ")

alert_text_args:

• "@timestasmp"

[pweir-123]

Thanks for the suggestions