Hello
I want this rule to send me an email when ElastAlert detects, at least 5 times in less than 10 seconds, a certain type of log containing a string of characters.
Here is my rule, but I don't get an email with 6 logs sent in less than 10 seconds.
I'm using this command to send logs:
```
logger -t corosync is down
```

```
es_host: ip
es_port: port
name: TEST
type: frequency
index: filebeat-*
filter:
"email"
alert_text_type: alert_text_only
alert_text: |
  Link is down on host {0}
  See full message : {1}
  THIS IS A TEST MESSAGE
alert_text_args: ["host.name", "message"]
alert_subject: "[ElastAlert] PROXMOX : Link down alert"
from_addr: "addresse"
email:
```
Thanks for helping
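
An added example, not part of the original post and not the poster's own rule: a complete ElastAlert `frequency` rule for the threshold described above (at least 5 matching logs within 10 seconds). The host, port, rule name, query string, `query_key`, `realert` value and e-mail addresses are assumptions or placeholders; the alert text and subject are taken from the post.

```yaml
# Added example. Placeholder values are marked; adjust to your environment.
es_host: elasticsearch.example.com    # placeholder
es_port: 9200                         # placeholder

name: corosync-link-down-frequency    # constructed name
type: frequency
index: filebeat-*

# Threshold from the post: at least 5 matching events ...
num_events: 5
# ... whose timestamps fall inside one 10 second window.
timeframe:
  seconds: 10

# Optional: count per host, so hits spread over several hosts do not add up.
query_key: host.name

# Assumption: the text sent by `logger -t corosync is down` is indexed
# in the `message` field by Filebeat.
filter:
- query:
    query_string:
      query: 'message:"is down"'

# Suppress repeat alerts for the same query_key for 5 minutes (assumed value).
realert:
  minutes: 5

alert:
- "email"
email:
- "oncall@example.com"                # placeholder recipient
from_addr: "elastalert@example.com"   # placeholder sender

alert_subject: "[ElastAlert] PROXMOX : Link down alert"
alert_text_type: alert_text_only
alert_text: |
  Link is down on host {0}
  See full message : {1}
alert_text_args: ["host.name", "message"]
```

Running the rule file through `elastalert-test-rule` shows how many documents the filter matches before any mail is sent, which separates a filter problem from an SMTP problem.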