jertel / elastalert2

ElastAlert 2 is a continuation of the original yelp/elastalert project. Pull requests are appreciated!
https://elastalert2.readthedocs.org
Apache License 2.0

All alarms in the rule are silenced #1498

Closed wangchao732 closed 2 months ago

wangchao732 commented 2 months ago

I only have one rule. I want each alarm to be generated only once, with repeated alarms silenced for an hour, but each time it seems to silence the whole rule. Why is that?

```json
{
  "_index" : "elastalert_status_silence",
  "_id" : "gDpZd5ABVEXVlDRlmDgv",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "exponent" : 0,
    "rule_name" : "Prod Rule._silence",
    "@timestamp" : "2024-07-03T06:47:58.744077Z",
    "until" : "2024-07-03T06:47:58.744067Z"
  }
}
```

There will be multiple different alarms in a rule, but it seems that the whole rule is silenced.

```yaml
name: Prod Rule
type: any
index: k8slog*
num_events: 1
timeframe:
  minutes: 5
realert:
  hours: 1
```

jertel commented 2 months ago

Read #11. Issues are for verified software bugs, not for asking for support. Open a discussion.