Hello everyone, I am new to elastic search and elastalert, and I am trying to create my first rule and alert. I configure a frequency alert, but I did not get an hit.
The rule configuration file is this:
# Rule name, must be unique
name: Email Auto download
# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency
# (Required)
# Index to search, wildcard supported
index: gr-winlogbeat-*
# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 3
# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
hours: 1
timestamp_field: "@timestamp"
# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- term:
winlog.provider_name: "Email Auto Download Service"
#log.level: "error"
# (Required)
# The alert is use when a match is found
alert:
- "email"
# (required, email specific)
# a list of email addresses to send alerts to
email:
- "myalert@gmail.com"
Hello everyone, I am new to elastic search and elastalert, and I am trying to create my first rule and alert. I configure a frequency alert, but I did not get an hit.
The rule configuration file is this:
Here is my kibana dashboard
And the elastalert output:
Thank you in advance.