ElastAlert
==========

[ElastAlert][1] is a simple framework for alerting on anomalies, spikes, or other
patterns of interest from data in Elasticsearch.

## up and running

```bash
$ docker-compose run --rm elastalert sh
>>> curl -X DELETE http://elasticsearch:9200/elastalert_*
>>> elastalert-create-index --config config.yaml
>>> elastalert-test-rule --config config.yaml --alert rules/example.yaml
>>> exit

$ docker-compose up -d
$ docker-compose logs -tf
Attaching to elastalert_elastalert_1
elastalert_1 | 2019-10-30T13:53:46.193793451Z bad things happen
elastalert_1 | 2019-10-30T13:58:45.855636764Z bad things happen
elastalert_1 | 2019-10-30T14:03:46.444137134Z bad things happen
```

> ElastAlert will also load new rules, stop running missing rules, and restart
> modified rules as the files in this folder change.
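
The commands above refer to `config.yaml` and `rules/example.yaml` without showing them, so here is an added illustration of what those two files could contain; it is not the repository's own configuration. It assumes an `auth-*` index with `program`, `message` and `source_ip` fields, and that `elasticsearch` is the service name the `curl` command above also targets; the two files are shown as one YAML stream separated by `---` only for brevity.

```yaml
# config.yaml (illustrative, not the repository's own file)
rules_folder: rules              # the folder ElastAlert watches for new, removed and modified rules
run_every:
  minutes: 1                     # how often every rule is queried
buffer_time:
  minutes: 15                    # how far back each query looks, to cover late-arriving documents
es_host: elasticsearch           # assumed: the Elasticsearch service name used in the curl command above
es_port: 9200
writeback_index: elastalert_status   # one of the elastalert_* indices created by elastalert-create-index
alert_time_limit:
  days: 2                        # keep retrying a failed alert for this long

---
# rules/example.yaml (illustrative): ten or more failed SSH passwords from one source in five minutes
name: example-ssh-password-failures
type: frequency                  # fires when num_events matching the filter fall inside timeframe
index: auth-*                    # assumed index pattern holding the authentication logs
num_events: 10
timeframe:
  minutes: 5
query_key: source_ip             # assumed field; counting per source keeps one noisy host from hiding another
filter:
- query:
    query_string:
      query: 'program:sshd AND message:"Failed password"'   # assumed field names
realert:
  minutes: 15                    # no repeat alert for the same source_ip within 15 minutes
alert:
- debug                          # the debug alerter only logs, which is what docker-compose logs -tf shows
alert_text_type: alert_text_only
alert_text: "Repeated SSH password failures from {0} in the last five minutes"
alert_text_args:
- source_ip
```

Run `elastalert-test-rule --config config.yaml rules/example.yaml` without `--alert` first to see how many documents the filter matches before letting it fire for real.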

[1]: http://elastalert.readthedocs.io/en/latest/