Does ElastAlert support --start and --end options?

[litsegaard]

I'm running the latest docker image of ElastAlert as a service in docker compose and need to be able to specify a new default timeframe. ElastAlert2 supports the command line arguments --start and --end to allow this. Is this supported by ElastAlert? I've tried the following in my docker compose file but they don't seem to be picked up:

    command:
      - "--start"
      - "2023-12-08T14:05:12.661Z"
      - "--end"
      - "2023-12-12T15:00:37.908Z"

Am I missing something else here in order for this to work? Many thanks in advance.

[nsano-rururu]

praeco does not support outputting start and end to yaml. Pull requests are welcome.

[litsegaard]

Ok, I fully understand specifying --start/--end in the rule yaml file is not supported but does it support command line arguments to the container just like ElastAlert2? If this is not possible, is the Praeco version of ElastAlert API compatible with ElastAlert2 meaning we'd be able to use Praeco with ElastAlert2 as backend instead?

[nsano-rururu]

You shouldn't use praeco to do what you want. The official docker image should have been published on elastalert2. We recommend operating the elastalert2 docker image alone.

[nsano-rururu]

https://hub.docker.com/r/jertel/elastalert2

[nsano-rururu]

praeco does not plan to add any functionality for the time being. Because Vue3 support is given top priority

[litsegaard]

No problem - I found that we may specify --start and --end in the api config json as "start": "" and "end:" "". However, I fully appreciate what you say - for our use case I concur with your suggestion to invoke the ElastAlert2 docker container with command line directives. Thanks for your support!

[nsano-rururu]

I didn't know that elastalert-server supports start and end.