ElastAlert 2 - Automated rule-based alerting for Elasticsearch
Contents:
- Introduction
- Getting Started
- Command Line Flags
- Global Configuration
- Rules
- Alerts
- Logging
- Advanced Topics
- Frequently Asked Questions
- My rule is not getting any hits?
- I got hits, why didn’t I get an alert?
- Why did I only get one alert when I expected to get several?
- How can I prevent duplicate alerts?
- How can I change what’s in the alert?
- My alert only contains data for one event, how can I see more?
- How can I make the alert come at a certain time?
- I have lots of documents and it’s really slow, how can I speed it up?
- Can I perform aggregations?
- I’m not using @timestamp, what do I do?
- I’m using flatline but I don’t see any alerts
- How can I get a “resolve” event?
- Can I set a warning threshold?
- Does it support Elastic Cloud’s “Cloud ID”?
- I need to go through an http(s) proxy to connect to Elasticsearch. Does ElastAlert 2 support it?
- About boolean value
- Is it possible to send an SNMP Trap with an alert notification?
- Is Email Alerter compatible with Microsoft 365 (formerly Office 365)?
- Does Email Alerter support the Google Gmail API?
- Can Email Alerter send emails via the Gmail sending server?
- Is it possible to send a JPEG image encoded as base64 in elasticsearch as an image attachment with an Email Alerter?
- Does the alert notification destination support Alertmanager?
- The es_host parameter seems to use only one host. Is it possible to specify multiple nodes?
- Is there any plan to implement a REST API into this project?
- An error occurred when trying to create a blacklist rule that parses a file with more than 1024 lines.
- ElastAlert 2 doesn’t have a listening port?
- I’ve set ssl_show_warn but it doesn’t seem to work.
- How to write a query filter for phrases containing spaces?
- Does ElastAlert 2 support Elasticsearch 8?
- Support multiple sns_topic_arn in Alert Amazon SNS (Simple Notification Service)?
- Support multiple telegram_room_id in Alert Telegram?
- Is it possible to set a timeout for connecting to and reading from es_host?
- Is it possible to stop disabling rules for ElastAlert 2?
- Is there an introductory article about elastalert2?