Hello, i could use the 'query_timezone' parameter to have my rule planned at the correct time for my zone (UTC+1) but i'am also using the 'limit_execution' parameter and i noticed that the method using it (handle_rule_execution in elastalert.py) does not take it in account.
I think it may cause delay in rule next run calculation.
Can you please check if it is necessary to modify method to handle 'query_timezone' ? or if there is no impact.
Regards
Update : i have a rule with this configuration :
limit_execution: " 6-23 * 1-6"
My run every, timeframe and buffer times are 5 minutes.
i received an alert à 7:02 this morning
I see that log :
elastalert Ran E-002 Detection - traffic trop bas 6h-23h from 2023-02-16 01:02 CET to 2023-02-16 07:00 CET: 6280 query hits (0 already seen), 84 matches, 1 alerts sent
It looks like there is indeed a 1 hour decay for the limit_execution pause.
Hello, i could use the 'query_timezone' parameter to have my rule planned at the correct time for my zone (UTC+1) but i'am also using the 'limit_execution' parameter and i noticed that the method using it (handle_rule_execution in elastalert.py) does not take it in account. I think it may cause delay in rule next run calculation. Can you please check if it is necessary to modify method to handle 'query_timezone' ? or if there is no impact.
Regards
Update : i have a rule with this configuration : limit_execution: " 6-23 * 1-6" My run every, timeframe and buffer times are 5 minutes. i received an alert à 7:02 this morning I see that log : elastalert Ran E-002 Detection - traffic trop bas 6h-23h from 2023-02-16 01:02 CET to 2023-02-16 07:00 CET: 6280 query hits (0 already seen), 84 matches, 1 alerts sent It looks like there is indeed a 1 hour decay for the limit_execution pause.
Regards