Invalid multiple indexes specified - Githubissues

jertel / elastalert2

ElastAlert 2 is a continuation of the original yelp/elastalert project. Pull requests are appreciated!

https://elastalert2.readthedocs.org

Apache License 2.0

859 stars 277 forks source link

Invalid multiple indexes specified #1463

Closed bongmu closed 1 month ago

bongmu commented 1 month ago

Multiple indexes are specified. When the "error" keyword appears in multiple indexes at the same time, only one is matched and then an alarm is sounded. What I want is to match multiple indexes at the same time and sound an alarm in sequence.

config：

es_host: xxx es_port: 9200 name: "dev-all-err"

type: "frequency" index: "xxx-,xxx-,xxx-,xxx-" is_enabled: true

filter:

query: query_string: query: "message: ERROR"

num_events: 1

timeframe: minutes: 1

realert: minutes: 1

timestamp_field: "@timestamp" timestamp_type: "iso" use_strftime_index: true include: ["tags", "message", "@timestamp"]

alert_text_type: alert_text_only alert_text: | xxx

alert:

"dingtalk" dingtalk_access_token: "x" dingtalk_webhook: "https://oapi.dingtalk.com/robot/send?access_token=xxx" dingtalk_msgtype: "text"

jertel commented 1 month ago

See #11