Open roman-tasi opened 2 years ago
I am running my test rule command and am getting this:
elastalert_status - {'rule_name': 'Lockout Alerting', 'endtime': datetime.datetime(2021, 9, 28, 18, 52, 47, 137084, tzinfo=tzutc()), 'starttime': datetime.datetime(2021, 9, 28, 17, 52, 11, 137084, tzinfo=tzutc()), 'matches': 76742, 'hits': 76742, '@timestamp': datetime.datetime(2021, 9, 28, 18, 54, 48, 709983, tzinfo=tzutc()), 'time_taken': 118.85222268104553}
Basically I don't know why my matches are equal to my hits. Also it isn't logical for me to have 76742 matches. Also the sample rule command is printing this out repeatedly:
silence - {'exponent': 0, 'rule_name': 'Lockout Alerting.10.100.10.83', '@timestamp': datetime.datetime(2021, 9, 28, 18, 54, 46, 435723, tzinfo=tzutc()), 'until': datetime.datetime(2021, 9, 28, 18, 55, 46, 435708, tzinfo=tzutc())}
but obviously with different IPs and timestamps, but all have the silence tag.
Can anyone help?