jertel / elastalert2

ElastAlert 2 is a continuation of the original yelp/elastalert project. Pull requests are appreciated!
https://elastalert2.readthedocs.org
Apache License 2.0

Bugfix - elastalert.util.format_index #1325

Closed jmacdone closed 9 months ago

jmacdone commented 9 months ago

I didn't tick all the boxes for a proper PR, but see: https://github.com/jmacdone/elastalert2/commit/38b7c1f41d60201764e3c575437f7abbc788ac1d

In short, I'm using logstash-%Y.%m.%d.%H (i.e. hourly indexes), but the format_index is only tuned for daily indexes (the default for logstash). This checks for %H in the index pattern and changes to using a hours=1 timedelta. Better way?

nsano-rururu commented 9 months ago

It's an issue, not a pull request. Please submit a pull request.

jertel commented 9 months ago

I don't see an issue with this approach if you do want to submit a proper PR with all the requirements. I'm converting this issue into a Discussion since it doesn't represent a bug in the project, but more represents a discussion around a potential enhancement.
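
The hourly-index problem described in the first comment, as an added example that is not part of the thread and not ElastAlert 2's own code. It shows which hourly indexes a one-day step never names, so a rule would never query them; `expand_indices`, `missed_indices` and the sample time window are hypothetical names and constructed values.

```python
from datetime import datetime, timedelta, timezone


def expand_indices(pattern, start, end, hour_aware=True):
    """Return the sorted index names a strftime pattern covers in [start, end].

    hour_aware=False always steps one day at a time (the daily-index
    assumption); hour_aware=True steps one hour when the pattern has %H.
    """
    if hour_aware and "%H" in pattern:
        step = timedelta(hours=1)
        # Truncate to the hour so the partial first hour is included.
        cur = start.replace(minute=0, second=0, microsecond=0)
    else:
        step = timedelta(days=1)
        # Truncate to midnight so the partial first day is included.
        cur = start.replace(hour=0, minute=0, second=0, microsecond=0)
    names = set()
    while cur <= end:
        names.add(cur.strftime(pattern))
        cur += step
    return sorted(names)


def missed_indices(pattern, start, end):
    """Indexes that hold data in the window but a daily step never names."""
    full = set(expand_indices(pattern, start, end, hour_aware=True))
    daily = set(expand_indices(pattern, start, end, hour_aware=False))
    return sorted(full - daily)


# Constructed sample window: a query spanning midnight UTC.
START = datetime(2024, 1, 1, 22, 15, tzinfo=timezone.utc)
END = datetime(2024, 1, 2, 1, 40, tzinfo=timezone.utc)
HOURLY = "logstash-%Y.%m.%d.%H"
DAILY = "logstash-%Y.%m.%d"

if __name__ == "__main__":
    print("daily step :", expand_indices(HOURLY, START, END, hour_aware=False))
    print("hourly step:", expand_indices(HOURLY, START, END))
    print("missed     :", missed_indices(HOURLY, START, END))
    print("daily index:", expand_indices(DAILY, START, END))
```

With the daily step, the only names produced for the hourly pattern are the hour-00 indexes, so events written to the other hourly indexes in the window are outside the query.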