Lack of documentation - Githubissues

zsh9527 commented 1 year ago

I customized part of the aggregate alarm rules, but there were no reports.

part `config.yaml`

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 1
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  minutes: 0

part `rule.yaml`

type: any

index: filebeat-dev-*

aggregation:
  minutes: 2
aggregation_key: 'fields.service'

filter:
- terms:
    fields.level: ["ERROR", "WARN"]

query_key: 'fields.content'
realert:
  minutes: 5
exponential_realert:
  hours: 1

result

It work normal, but never send alert even if arrived in time

solution

review the config.yaml

alert_time_limit:
  minutes: 2 
# connot set alert_time_limit to zero

problem

After read the source code, the aggregation config connot set alert_time_limit to zero.
But the document doesn't say anything about that.
You want to modify the source code or supplement the documentation

jertel commented 1 year ago

PR submitted: https://github.com/jertel/elastalert2/pull/1208

In the future, we'd appreciate submitting the actual fix via a PR, rather than filing a new issue for someone else to fix.

zsh9527 commented 1 year ago

Sorry, I've only read a little bit of the source code, so I'm not sure if it's better to change the documentation or the code

jertel / elastalert2

Lack of documentation #1206

part `config.yaml`

part `rule.yaml`

result

solution

problem

jertel / elastalert2

Lack of documentation #1206

part config.yaml

part rule.yaml

result

solution

problem

part `config.yaml`

part `rule.yaml`