---
# Example "frequency" rule (ElastAlert-style schema): fire when at least
# num_events documents matching `filter` land inside `timeframe`, then run
# the configured alerter(s).

name: Example rule

# Elasticsearch endpoint. Only host and port are given here -- no transport
# encryption or credentials are visible in this rule.
# NOTE(review): outside a lab, put this connection behind TLS with certificate
# verification and authenticate to the cluster (ElastAlert exposes
# use_ssl / verify_certs / es_username / es_password for that; confirm the
# option names against the deployed version).
es_host: elasticsearch
es_port: 9200

type: frequency

# Index pattern. Quoted so the trailing wildcard is never read as YAML syntax
# (a value starting with `*` would be treated as an alias).
index: "logstash-*"
doc_type: _doc

# Threshold: this many matching documents within the window below.
num_events: 10
# Count the matches instead of fetching every hit -- presumably why doc_type
# is set explicitly; TODO confirm against the rule-type documentation.
use_count_query: true
timeframe:
  hours: 1

# Matched documents: HTTP responses with status 500 and above
# (Lucene range syntax, open-ended upper bound).
filter:
  - query:
      query_string:
        query: 'response:[500 TO *]'

# Alerter: run a local command. The argv below is made only of literal
# strings -- nothing from the matched documents is interpolated into it, so
# attacker-controlled log content cannot reach the process arguments.
# Keep it that way if the command is changed: avoid formatting match fields
# (e.g. %(field)s-style templating, if the alerter supports it) into the
# argv or building a single shell string from them.
alert:
  - command
command:
  - echo
  - bad
  - things
  - happen