ElastAlert

ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

up and running

$ docker-compose up -d
$ docker-compose exec elastalert sh
>>> cd /opt/elastalert/rules
>>> elastalert-test-rule xxx.yaml
>>> exit

ElastAlert will also load new rules, stop running missing rules, and restart modified rules as the files in this folder change.