New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

timeframe setting is not work when rule run every minutes #3275

Open

wangcrazy1 opened this issue Dec 23, 2022 · 0 comments

wangcrazy1 commented Dec 23, 2022

https://help.logit.io/en/articles/3772556-configure-flatline-alerts-for-elasticsearch

Rule name, must be unique

name: send log issue fence to cloudwise
type: flatline

threshold: 10000

if the frequency of events drops below threshold in timeframe minutes, an alert is triggered

timeframe:
minutes: 6

A list of elasticsearch filters used for find events

These filters are joined with AND and nested in a filtered query

For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html

filter:

query:
query_string:
#query: "input.type: log"
query: "log.file.path: Fence_PROD_BSP_FENCE*"
#query: "log.file.path: test_it_temp*"

use_count_query: true
doc_type: _doc

index: tesla*
realert:
minutes: 1

query_key:

host.name

#include:

- log.file.path

include:

"@timestamp"
num_hits
scan_entire_timeframe: true
include_match_in_root: true

(Required)

The alert is use when a match is found

#alert: post
alert: "elastalert_modules.my_alerts.HTTPPostEpochAlerter"
http_post_url: "http://10.195.129.232:50003/xxx_nolog"
http_post_static_payload:
check: "tesla receive log from fence"
hostname: "CN000VM5080"
logpath: "C:\SEEBURGER\PROD_BSP_CS\log\Fence_PROD_BSP_FENCE02\Fence_PROD_BSP_FENCE02.lgw"
http_post_payload:
matches: num_hits
timestamp: "@timestamp"

It send the num_hits only contians one minute when rule run every minutes. I think the num_hits should be sum of six minutes hits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment