Open DenitThomas opened 3 years ago
Hi, Could someone please look at this rule file and let me know what am missing? When I try to test the rule using elastalert-test-rule, it says "Didn't get any results"
Frequency Rule File -
es_host: 10.10.10.41 es_port: 19200 name: 424 Rule type: frequency index: syslog-ng* use_strftime_index: true num_events: 5 timestamp_field: ISODATE timeframe: hours: 4 filter: - query: query_string: query: "MESSAGE: *Completed 424 FAILED_DEPENDENCY  " alert: - "email" email: - "abc@abc.com"
In ELK, I do see lot of 424 FAILED_DEPENDENCY errors within the last 4 hours.
DenitThomas
commented
3 years ago 
Hi, Could someone please look at this rule file and let me know what am missing? When I try to test the rule using elastalert-test-rule, it says "Didn't get any results"
Frequency Rule File -
In ELK, I do see lot of 424 FAILED_DEPENDENCY errors within the last 4 hours.