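---
# ElastAlert example rule: fire when at least 10 HTTP 5xx responses are seen
# in a 5-minute window, then run a local command and post to Slack.
name: example rule

# Elasticsearch connection. Only host and port are given here: no use_ssl,
# verify_certs or credentials, so as written this talks to ES unencrypted and
# unauthenticated. Set those (here or in the global config) before pointing
# the rule at anything beyond a local test cluster.
es_host: elasticsearch
es_port: 9200

type: frequency
# Quoted so the '*' wildcard is never read as a YAML alias sigil.
index: 'logstash-*'
doc_type: _doc

# Count-only polling: ES is asked for hit counts rather than documents.
# NOTE(review): with count queries the match carries only the count, so
# document fields are presumably not available to the alerts below -- confirm
# against the ElastAlert docs for the version in use.
use_count_query: true
num_events: 10
timeframe:
  minutes: 5

# After one alert fires, suppress repeats for this rule for an hour.
realert:
  minutes: 60

filter:
  - query:
      query_string:
        query: 'response:[500 TO *]'

alert:
  # Keep the command in list (argv) form: per ElastAlert's command alerter the
  # list is executed directly, whereas a single string goes through a shell,
  # where any value substituted into the arguments would be shell-interpreted.
  - command:
      command: [echo, bad, things, happen]
  # Placeholder webhook URL. A real one grants post access to the workspace;
  # keep it out of version control (untracked rule file or a secrets store)
  # rather than replacing the placeholder in a committed example.
  - slack:
      slack_webhook_url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX
      slack_username_override: ElastAlert
      # Quoted: an unquoted leading '#' would start a comment, leaving null.
      slack_channel_override: '#monit'
      slack_emoji_override: ':bell:'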