Open wangcrazy1 opened 1 year ago
```yaml
name: send log issue fence to cloudwise
type: flatline
threshold: 10000
timeframe:
  minutes: 6
filter:
  - query: "log.file.path: Fence_PROD_BSP_FENCE*"
use_count_query: true
doc_type: _doc
index: tesla*
realert:
  minutes: 1
query_key:
include:
```
It sends a num_hits that only contains one minute's hits when the rule runs every minute. I think num_hits should be the sum of the hits over six minutes.
https://help.logit.io/en/articles/3772556-configure-flatline-alerts-for-elasticsearch
```yaml
# Rule name, must be unique
name: send log issue fence to cloudwise
type: flatline

threshold: 10000
# if the frequency of events drops below threshold in timeframe minutes, an alert is triggered
timeframe:
  minutes: 6

# A list of elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
  - query: "input.type: log"
  - query: "log.file.path: Fence_PROD_BSP_FENCE*"
  - query: "log.file.path: test_it_temp*"

use_count_query: true
doc_type: _doc
index: tesla*
realert:
  minutes: 1
query_key:
include:
  - log.file.path

# (Required)
# The alert is use when a match is found
# alert: post
alert: "elastalert_modules.my_alerts.HTTPPostEpochAlerter"
http_post_url: "http://10.195.129.232:50003/xxx_nolog"
http_post_static_payload:
  check: "tesla receive log from fence"
  hostname: "CN000VM5080"
  # single-quoted so the backslashes in the Windows path are read literally
  logpath: 'C:\SEEBURGER\PROD_BSP_CS\log\Fence_PROD_BSP_FENCE02\Fence_PROD_BSP_FENCE02.lgw'
http_post_payload:
  matches: num_hits
  timestamp: "@timestamp"
```
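The difference the reporter is describing, as an added model (not ElastAlert's own code, and not code from the reporter): a flatline rule evaluated once per minute has to compare the sum of hits over the trailing `timeframe` with `threshold`, while a single run's own count query only covers the one minute that run queried. The model assumes `run_every` is one minute, takes `threshold: 10000` and `timeframe: minutes: 6` from the rule above, and uses constructed per-minute hit counts in which the log source goes quiet part way through.

```python
# Added model of a flatline rule's evaluation loop; not ElastAlert's own code.
# Assumptions (labelled): the rule runs once per minute (run_every: 1 minute),
# threshold and timeframe are taken from the rule posted above, and the
# per-minute hit counts are constructed sample data.
from dataclasses import dataclass
from typing import List, Optional

THRESHOLD = 10000          # from the rule: threshold: 10000
TIMEFRAME_MINUTES = 6      # from the rule: timeframe: minutes: 6

# Constructed per-minute hit counts for the filtered log path (index 0 = first
# minute the rule ran). Minutes 6-9 model the log source going quiet.
SAMPLE_MINUTE_COUNTS = [2500, 2400, 2600, 2550, 2450, 2500, 300, 0, 0, 0, 2600, 2500]


@dataclass
class RunResult:
    minute: int
    per_run_hits: int   # hits returned by this run's own one-minute count query
    window_hits: int    # hits summed over the trailing timeframe
    alert: bool         # True when the trailing window fell below the threshold


def evaluate_runs(minute_counts: List[int],
                  threshold: int = THRESHOLD,
                  timeframe: int = TIMEFRAME_MINUTES) -> List[RunResult]:
    """Replay the rule minute by minute, comparing the trailing-window sum to the threshold."""
    results = []
    for i, hits in enumerate(minute_counts):
        window_start = max(0, i - timeframe + 1)
        window_hits = sum(minute_counts[window_start:i + 1])
        # A trailing window is only meaningful once `timeframe` minutes of history exist;
        # before that a low sum reflects missing history, not a real drop in volume.
        window_complete = i + 1 >= timeframe
        alert = window_complete and window_hits < threshold
        results.append(RunResult(i, hits, window_hits, alert))
    return results


def first_alert_minute(minute_counts: List[int],
                       threshold: int = THRESHOLD,
                       timeframe: int = TIMEFRAME_MINUTES) -> Optional[int]:
    """Minute index of the first alert, or None if the window never drops below threshold."""
    for r in evaluate_runs(minute_counts, threshold, timeframe):
        if r.alert:
            return r.minute
    return None


def first_minute_per_run_below(minute_counts: List[int],
                               threshold: int = THRESHOLD) -> Optional[int]:
    """Minute index where a single run's own count is below threshold.

    A one-minute count measured against a six-minute threshold is below it
    from the start, which is why the per-run figure cannot be the one compared.
    """
    for i, hits in enumerate(minute_counts):
        if hits < threshold:
            return i
    return None


if __name__ == "__main__":
    for r in evaluate_runs(SAMPLE_MINUTE_COUNTS):
        flag = "ALERT" if r.alert else "ok"
        print(f"minute {r.minute:2d}: per-run={r.per_run_hits:5d} window={r.window_hits:6d} {flag}")
    print("first alert minute:", first_alert_minute(SAMPLE_MINUTE_COUNTS))
    print("first minute with per-run count below threshold:",
          first_minute_per_run_below(SAMPLE_MINUTE_COUNTS))
```

With the constructed data every single minute is below 10000, so the per-run count is never a usable signal; the trailing six-minute sum stays above the threshold while the source is healthy and first drops below it at minute 8, three minutes after the source went quiet. That distinction matters operationally: a flatline rule exists to catch a log source that stops shipping, and a count that only reflects the latest run can hide exactly that outage.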