dockerfiles/elastalert/data/rules/example.yaml

name: example rule
is_enabled: true
es_host: elasticsearch
es_port: 9200
type: frequency
index: logstash-*
doc_type: _doc
use_count_query: true
num_events: 10

timeframe:
  minutes: 5

realert:
  minutes: 60

filter:
- query:
    query_string:
      query: 'response:[500 TO *]'

alert:
- command:
    command: [echo, bad, things, happen]
- slack:
    slack_webhook_url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX
    slack_username_override: ElastAlert
    slack_channel_override: '#monit'
    slack_emoji_override: ':bell:'
update elastalert 2019-10-30 20:04:37 +08:00			`name: example rule`
add elastichq 2019-11-01 09:14:24 +08:00			`is_enabled: true`
update elastalert 2019-10-30 16:11:49 +08:00			`es_host: elasticsearch`
			`es_port: 9200`
			`type: frequency`
			`index: logstash-*`
update elastalert 2019-10-30 18:57:53 +08:00			`doc_type: _doc`
			`use_count_query: true`
update elastalert 2019-10-30 20:04:37 +08:00			`num_events: 10`
update elastalert 2019-10-30 18:57:53 +08:00
update elastalert 2019-10-30 16:11:49 +08:00			`timeframe:`
update elastalert 2019-10-30 23:40:46 +08:00			`minutes: 5`

			`realert:`
			`minutes: 60`
update elastalert 2019-10-30 16:11:49 +08:00
			`filter:`
			`- query:`
			`query_string:`
			`query: 'response:[500 TO *]'`

			`alert:`
update elastalert 2019-10-30 23:40:46 +08:00			`- command:`
			`command: [echo, bad, things, happen]`
update elastalert 2019-10-30 20:04:37 +08:00			`- slack:`
			`slack_webhook_url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX`
			`slack_username_override: ElastAlert`
			`slack_channel_override: '#monit'`
			`slack_emoji_override: ':bell:'`