我正在研究使用 elastalert 来提醒获取特定性质或频率的数据。请参阅我的 elastalert 规则 .yaml 文件。
# Alert when the rate of events exceeds a threshold
# (Optional)
# Elasticsearch host
es_host: localhost
# (Optional)
# Elasticsearch port
es_port: 9200
# (OptionaL) Connect with SSL to Elasticsearch
#use_ssl: True
# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword
# (Required)
# Rule name, must be unique
name: my_rule
# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: any
#frequency
# (Required)
# Index to search, wildcard supported
index: shakes*
# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1
# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
seconds: 15
# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter: []
#- query:
# query_string:
# query: "play_name: Henry IV"
# (Required)
# The alert is use when a match is found
alert:
- "email"
# (required, email specific)
# a list of email addresses to send alerts to
email:
- "olawi@vg.com"
命中数应该算数。我没有命中。现在,我看到了一个类似的帖子,其中要求开发人员调整时间,因为 elastalert 基于浏览器的时间工作。我调整了系统时间以匹配索引中文档的时间戳,但它仍然没有在该时间段内提供任何命中。
谢谢。