Something wrong with the rules - Githubissues

jertel / elastalert2

ElastAlert 2 is a continuation of the original yelp/elastalert project. Pull requests are appreciated!

https://elastalert2.readthedocs.org

Apache License 2.0

922 stars 287 forks source link

Something wrong with the rules #1295

Closed baiyibing123 closed 12 months ago

baiyibing123 commented 12 months ago

name: nginx type: frequency index: nginx filter:

query: query_string: query: "status: (501 OR 502 OR 503 OR 504 OR 500)" num_events: 100 timeframe: minutes: 1 alert:
"elastalert_modules.feishu_alert.FeiShuAlerter"

feishu_webhook: "xxx" feishu_msgtype: "text"

alert_text: | kibana_url: "xxx" http_host: {} request_uri: {} status: {} _id: {} alarm_reason: "1分钟内{}条日志出现报错" alert_text_args:

http_host
request_uri
status
_id
num_matches alert_text_type: alert_text_only

These are my rules, I think the alarm should only be triggered if num_matches is greater than 100, but when the alarm comes out, I find the value of num_matches is 1