Open phap96019 opened 2 years ago
When I restart my Elastalert, it queries old documents again (these documents have been matched before). How can I make my Elastalert not query already matched documents when I restart EA? This is my config:

config.yml:

```yaml
run_every:
  seconds: 30
rules_folder: /opt/elastalert/rules
output_file_path: '/tmp/alerts.log'
buffer_time:
  days: 1
use_ssl: true
verify_certs: false
writeback_index: elastalert_status
disable_rules_on_error: false
```
rule.yml:

```yaml
name: P2P-RULE
type: "elastalert_modules.somerule.Somerule"
timestamp_field: timestamp
index: activity
realert:
  minutes: 0
filter:
- query:
    query_string:
      query: "type:p2p_recognition"
run_every:
  seconds: 10
alert: "elastalert_modules.alertCustom.Alertcustom"
http_post_url: "http://myapi.com"
...
```
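The restart behaviour the question describes, as an added example that is not part of the original post and is not ElastAlert's own code: a small Python model of how ElastAlert picks the first query window after a start. ElastAlert never marks matched documents in Elasticsearch; it only records each run's `endtime` in the writeback index (`elastalert_status` here). On start it resumes from that last `endtime` if one exists and is not older than `old_query_limit` (default one week); otherwise it queries from now minus `buffer_time`, which with the posted `buffer_time: days: 1` re-reads a full day of already matched `p2p_recognition` documents. The status documents, activity documents, timestamps, and the names `OLD_QUERY_LIMIT`, `first_run_starttime`, `documents_in_window` and the `restart_*` helpers are constructed for this example; whether a status document gets written at all depends on the writeback index being reachable and on the rule actually completing runs, neither of which the posted config shows.

```python
from datetime import datetime, timedelta, timezone

# Constructed model of ElastAlert's documented first-run start-time selection.
# It is not ElastAlert's code; it exists to show why a restart replays old matches.

OLD_QUERY_LIMIT = timedelta(weeks=1)  # ElastAlert's documented default for old_query_limit

NOW = datetime(2021, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current" time

# Values taken from the posted rule.yml / config.yml.
RULE = {"name": "P2P-RULE", "buffer_time": timedelta(days=1)}

# Constructed documents in the "activity" index; the first two were already
# matched by the run that happened before the restart.
DOCS = [
    {"timestamp": NOW - timedelta(hours=20), "type": "p2p_recognition"},
    {"timestamp": NOW - timedelta(hours=3), "type": "p2p_recognition"},
    {"timestamp": NOW - timedelta(minutes=1), "type": "p2p_recognition"},
]

# Constructed elastalert_status documents: one recent run, and one that is so old
# that ElastAlert treats it as expired and ignores it.
STATUS_RECENT = [{"rule_name": "P2P-RULE", "endtime": NOW - timedelta(minutes=10)}]
STATUS_EXPIRED = [{"rule_name": "P2P-RULE", "endtime": NOW - timedelta(days=8)}]


def last_run_endtime(status_docs, rule_name):
    """Newest recorded endtime for rule_name, or None if the rule never ran."""
    ends = [d["endtime"] for d in status_docs if d["rule_name"] == rule_name]
    return max(ends) if ends else None


def first_run_starttime(rule, status_docs, now):
    """Start of the first query window after a (re)start.

    Resume from the last recorded endtime when it exists and is younger than
    OLD_QUERY_LIMIT; otherwise fall back to now - buffer_time, which is the
    path that re-reads documents matched before the restart.
    """
    last_end = last_run_endtime(status_docs, rule["name"])
    if last_end is not None and now - last_end < OLD_QUERY_LIMIT:
        return last_end
    return now - rule["buffer_time"]


def documents_in_window(docs, starttime, endtime):
    """Stand-in for ElastAlert's range query: timestamp > starttime and <= endtime."""
    return [d for d in docs if starttime < d["timestamp"] <= endtime]


def restart_with_recent_status():
    """Status doc present and fresh: only the document newer than the last endtime is re-read."""
    start = first_run_starttime(RULE, STATUS_RECENT, NOW)
    return len(documents_in_window(DOCS, start, NOW))


def restart_without_status():
    """No status doc (e.g. writeback index empty): the whole buffer_time is re-read."""
    start = first_run_starttime(RULE, [], NOW)
    return len(documents_in_window(DOCS, start, NOW))


def restart_with_expired_status():
    """Status doc older than old_query_limit is ignored, same result as no status at all."""
    start = first_run_starttime(RULE, STATUS_EXPIRED, NOW)
    return len(documents_in_window(DOCS, start, NOW))


def resumed_from_last_endtime(status_docs):
    """True when the chosen start equals the last recorded endtime rather than now - buffer_time."""
    return first_run_starttime(RULE, status_docs, NOW) == last_run_endtime(status_docs, RULE["name"])


if __name__ == "__main__":
    print("recent status  ->", restart_with_recent_status(), "document(s) queried")
    print("no status      ->", restart_without_status(), "document(s) queried")
    print("expired status ->", restart_with_expired_status(), "document(s) queried")
```

The useful check against a live deployment is the same as the model's branch: search the writeback index for the rule's `rule_name` and confirm an `endtime` close to the last run is actually being written; if it is absent or stale, the window on restart is `buffer_time` wide regardless of what was matched earlier.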