Closed ishukeshri2712 closed 1 month ago
| Rule type | Description |
| --- | --- |
| Any | Matches any result |
| BlackList | Alert if it matches a blacklisted value |
| Whitelist | Alert if it matches anything other than the whitelisted value |
| Change | Monitor the field value and issue an alert when the value changes. |
| Frequency | Alert when the number of events occurring within the set period exceeds the threshold |
| Spike | Count the number of events at a set interval, compare the results with the previous time, and if they are x times higher, issue an alert. |
| Flatline | Count the number of events at the set interval and alert if the number of events is less than the threshold. |
| New Term | Monitor field values and alert if an unconfirmed value appears |
| Cardinality | Monitor the number of different field values and issue an alert when the number of different values exceeds a threshold. |
Why don't you read the documentation? It's all written in the elastalert2 documentation. You just stubbornly refuse to read it.
Global Config

| Setting | Description |
| --- | --- |
| es_host | The host name and IP address of the Elasticsearch to connect to |
| es_port | Elasticsearch port number |
| rules_folder | Directory path where YAML files for individual monitor settings are placed |
| buffer_time | Data acquisition period |
| run_every | Monitoring interval |
| writeback_index | The index name for managing execution history |
The ruletypes will change depending on what you want to do.
I understand that you don't want to read the documentation.
Send 10 or more requests with status code 500 within a 5-minute period in the past hour.
The condition of 10 times within a 5-minute period is specified by num_events and timeframe.
Example

Global config:

```yaml
es_host: 10.255.0.100
es_port: 9200
rules_folder: rules
buffer_time:
  hours: 1
run_every:
  minutes: 1
writeback_index: elastalert_status
```

Individual monitoring settings:

```yaml
name: status500-moniroting
type: frequency
index: logstash-*
num_events: 10
timeframe:
  minutes: 5
filter:
  - term:
      response: 500
alert:
  - slack
slack_webhook_url: "https://hooks.slack.com/services/xxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx"
```
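As an added illustration (not code from this issue or from the Praeco/elastalert2 projects), the Python below replays constructed logstash-style hits through a simplified model of the `type: frequency` rule above, using the same `num_events`, `timeframe` and `term` filter, so you can see when the status-500 rule would fire and when it would stay quiet. The hit shape, the timestamps and the window-clearing behaviour after an alert are assumptions of the model, not guarantees about the real engine.

```python
from collections import deque
from datetime import datetime, timedelta

def make_events(start, count, every_seconds, response):
    """Constructed sample hits shaped like logstash documents (not real data)."""
    return [{"@timestamp": start + timedelta(seconds=i * every_seconds),
             "response": response} for i in range(count)]

def matches_term_filter(hit, term_filter):
    """Equivalent of the rule's `filter: - term:` clause: every field must match exactly."""
    return all(hit.get(field) == value for field, value in term_filter.items())

def frequency_rule(hits, num_events, timeframe, term_filter):
    """Replay hits through a sliding window and return the timestamps at which a
    `type: frequency` rule with the given num_events/timeframe would alert.
    Assumption: the window is cleared after an alert so the same hits cannot fire twice."""
    window = deque()
    alerts = []
    for hit in sorted(hits, key=lambda h: h["@timestamp"]):
        if not matches_term_filter(hit, term_filter):
            continue  # the filter runs first; non-500 responses never count
        ts = hit["@timestamp"]
        window.append(ts)
        while ts - window[0] > timeframe:  # drop hits that fell out of the timeframe
            window.popleft()
        if len(window) >= num_events:
            alerts.append(ts)
            window.clear()
    return alerts

# Same thresholds as the status500 rule above: 10 matching hits within 5 minutes.
NUM_EVENTS, TIMEFRAME, FILTER = 10, timedelta(minutes=5), {"response": 500}
T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed start time

def burst_scenario():
    """12 HTTP 500s 30 s apart mixed with healthy 200s: the 10th 500 lands at T0+4m30s."""
    hits = make_events(T0, 12, 30, 500) + make_events(T0, 40, 10, 200)
    return frequency_rule(hits, NUM_EVENTS, TIMEFRAME, FILTER)

def slow_scenario():
    """9 HTTP 500s one minute apart: never 10 inside any 5-minute window, so no alert."""
    hits = make_events(T0, 9, 60, 500)
    return frequency_rule(hits, NUM_EVENTS, TIMEFRAME, FILTER)

if __name__ == "__main__":
    print("burst alerts at:", burst_scenario())
    print("slow alerts at:", slow_scenario())
```

Adjusting `buffer_time` in the global config changes how far back each run queries, which is why a short `timeframe` still needs a `buffer_time` at least as long as the window.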
Why not use a paid service tool instead of OSS? Then they can answer all your questions, right?
Different rule types are available depending on the use case. I don't think it's any good to say anything to people who don't even want to look at the reference URL.
https://elastalert2.readthedocs.io/en/latest/ruletypes.html#rule-types
Praeco has no plans to develop new features and is not supported.
The praeco repository has been dead for a while now, no one answers questions or takes pull requests anymore.
I can't understand even if I read the OSS documentation. I can't read the source code and analyze it. I should use paid software. It's a waste of time.
Posting questions to this repository is useless. No one will answer them. Absolutely not.
I told them in an issue but they didn't seem to understand. I'll tell you as many times as I want that this repository is dead.
Hi community, I want to learn a few points about Praeco,