update elastalert

elastalert/README.md

@@ -11,7 +11,13 @@ $ docker-compose run --rm elastalert sh
 >>> elastalert-create-index --config config.yaml
 >>> elastalert-test-rule --config config.yaml rules/example.yaml
 >>> exit
+
 $ docker-compose up -d
+
+$ docker-compose logs -tf
+elastalert_1  | 2019-10-30T10:33:31.960452334Z bad things happend
+elastalert_1  | 2019-10-30T10:42:27.952772739Z bad things happend
+elastalert_1  | 2019-10-30T10:50:22.808460534Z bad things happend
 ```
 
 > ElastAlert will also load new rules, stop running missing rules, and restart

elastalert/data/rules/example.yaml

@@ -1,17 +1,11 @@
-name: Example rule
-
+name: example rule
 es_host: elasticsearch
 es_port: 9200
-
 type: frequency
-
 index: logstash-*
-
 doc_type: _doc
-
-num_events: 10
-
 use_count_query: true
+num_events: 10
 
 timeframe:
   hours: 1
@@ -22,6 +16,11 @@ filter:
       query: 'response:[500 TO *]'
 
 alert:
+- slack:
+    slack_webhook_url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX
+    slack_username_override: ElastAlert
+    slack_channel_override: '#monit'
+    slack_emoji_override: ':bell:'
 - command
 
 command: [echo, bad, things, happen]