Following issue https://github.com/Yelp/elastalert/issues/3041 and PR https://github.com/Yelp/elastalert/pull/3141, when a rule has [scan_entire_timeframe: true] and [use_terms_query: true or use_count_query: true], the timeframe (i.e. 5 days) is evaluated correctly just at first run; from the second one, the timeframe will be set accordly to run_every value (i.e. 5 minutes).
This change only affects rules with option use_count_query or use_term_query.
Description
Following issue https://github.com/Yelp/elastalert/issues/3041 and PR https://github.com/Yelp/elastalert/pull/3141, when a rule has
[scan_entire_timeframe: true] and [use_terms_query: true or use_count_query: true], the timeframe (i.e. 5 days) is evaluated correctly just at first run; from the second one, the timeframe will be set accordly torun_everyvalue (i.e. 5 minutes). This change only affects rules with option use_count_query or use_term_query.Checklist
make test-dockerwith my changes.Questions or Comments