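---
# ElastAlert example rule: fire when the logstash indices hold at least
# `num_events` HTTP 5xx responses within `timeframe`, and hand each match
# to a local command.
name: Example rule

# Elasticsearch endpoint queried by this rule. Plain host/port only; if the
# cluster requires TLS or credentials, ElastAlert's use_ssl / es_username /
# es_password settings are the place for them (not shown in this example).
es_host: elasticsearch
es_port: 9200

# Frequency rule: alert once `num_events` matching documents are seen
# inside a single `timeframe` window (here: 10 hits in 1 hour).
type: frequency
index: logstash-*
num_events: 10
timeframe:
  hours: 1

# Lucene range query selecting responses with status >= 500. The value is
# single-quoted because an unquoted `[` would be parsed as a YAML flow
# sequence, and single quotes keep the `*` and `:` literal.
filter:
- query:
    query_string:
      query: 'response:[500 TO *]'

# Command alerter: each match is interpolated into the argument list with
# ElastAlert's `{match[field]}` syntax and the program is executed.
# Keep `command` as a list: ElastAlert passes a list to subprocess as argv,
# whereas a single string is run through a shell, which would let content
# from the matched log document (e.g. `message`) be interpreted as shell
# syntax. The interpolated arguments are log-controlled data and whatever
# consumes them must treat them as such.
alert:
- command
command:
- echo
- "{match[@timestamp]} {match[message]}"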