Open ankit22321 opened 2 years ago
Getting the below error for the percentage_match alert type: Error running query: RequestError(400, 'parsing_exception', '[not] query malformed, no start_object after query name')
Here is my config YAML:
name: delta-rule-001
alert_text_type: exclude_fields
alert_subject_args:
  - beat.hostname
alert_subject: "Some subject text"
alert_text_args: [ "@timestamp", "beat.hostname", "message", "source", "tags" ]
alert_text: "Host Name: {1}\nSource: {3}\nNotification Message : {2}\nTime : {0}\nTags {4}"
type: percentage_match
index: validIndex*
buffer_time:
  minutes: 4
query_key: beat.hostname
doc_type: message
filter:
  - term:
      platform: "LINUX"
match_bucket_filter:
  - term:
      type: "Vulnerability"
max_percentage: 10
alert:
  - "email"
email: [ "validReceiverEmail@xyz.com" ]
smtp_host: valid.smtp.host.com
smtp_port: 25
from_addr: validSenderEmail@xyz.com
Can someone please help out? What am I doing wrong?
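Added example, not part of ElastAlert or the issue above: a small structural lint for the `filter` and `match_bucket_filter` lists of a parsed rule. Elasticsearch reports "no start_object after query name" when a query-DSL clause name is not followed by an object (for example `{"term": null}` or `{"not": "x"}`), and the most common way a YAML rule produces that is a mis-indented clause body; the sample rule dicts below are constructed to show the correct rule from the issue beside two broken variants.

```python
# Added example, not ElastAlert's own code. Every query-DSL clause must be a
# mapping with exactly one query name whose value is itself a mapping.

def lint_clauses(clauses, section):
    """Return a list of problems found in one clause list; [] means OK."""
    problems = []
    if not isinstance(clauses, list):
        return [f"{section}: expected a list, got {type(clauses).__name__}"]
    for i, clause in enumerate(clauses):
        where = f"{section}[{i}]"
        if not isinstance(clause, dict) or len(clause) != 1:
            problems.append(f"{where}: clause must have exactly one query name, got {clause!r}")
            continue
        (name, body), = clause.items()
        if not isinstance(body, dict):
            # This is the shape Elasticsearch rejects with
            # "[<name>] query malformed, no start_object after query name".
            problems.append(f"{where}: '{name}' must be followed by an object, got {body!r}")
    return problems


def lint_rule(rule):
    """Lint the clause lists of a parsed rule dict plus the percentage_match options."""
    problems = []
    for section in ("filter", "match_bucket_filter"):
        if section in rule:
            problems += lint_clauses(rule[section], section)
    if rule.get("type") == "percentage_match":
        if "match_bucket_filter" not in rule:
            problems.append("percentage_match needs match_bucket_filter")
        if "min_percentage" not in rule and "max_percentage" not in rule:
            problems.append("percentage_match needs min_percentage and/or max_percentage")
    return problems


# The relevant part of the rule from the issue, as PyYAML parses it when indented correctly.
GOOD_RULE = {
    "type": "percentage_match",
    "filter": [{"term": {"platform": "LINUX"}}],
    "match_bucket_filter": [{"term": {"type": "Vulnerability"}}],
    "max_percentage": 10,
}

# Constructed: what YAML yields if `platform:` is dedented to the level of `term:`
# (`term:` then has no value and parses as null) ...
BAD_INDENT_RULE = dict(GOOD_RULE, filter=[{"term": None, "platform": "LINUX"}])
# ... and if a clause body is written as a scalar instead of a mapping.
BAD_SCALAR_RULE = dict(GOOD_RULE, match_bucket_filter=[{"term": "Vulnerability"}])

if __name__ == "__main__":
    for label, rule in [("good", GOOD_RULE), ("bad-indent", BAD_INDENT_RULE), ("bad-scalar", BAD_SCALAR_RULE)]:
        print(label, lint_rule(rule) or "OK")
```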