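---
# ElastAlert example rule: alert when at least num_events documents match
# the filter within the timeframe.
name: Example rule

# Elasticsearch endpoint. Only host and port are given here (no TLS or
# credential keys), so this presumably relies on a trusted, container-internal
# network — confirm before reusing outside that setup.
es_host: elasticsearch
es_port: 9200

# "frequency" rule type: fires when num_events matches occur inside timeframe.
type: frequency
# Index pattern to query; the wildcard is literal text for Elasticsearch
# (a leading "*" would need quoting in YAML, a trailing one does not).
index: logstash-*
doc_type: _doc
num_events: 10
# Poll with a count query rather than fetching documents; per the ElastAlert
# docs this option needs doc_type, which is set above.
use_count_query: true
timeframe:
  hours: 1

# Only documents whose response field is 500 or higher.
filter:
  - query:
      query_string:
        query: 'response:[500 TO *]'

# Each alert runs an external command. Keep `command` in list form: the list
# is executed with its arguments taken literally, whereas a single string
# would be handed to a shell and interpreted there.
alert:
  - command
command: [echo, bad, things, happen]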