Hey, I am having the same problem @balijepalli had. I am shipping some logs to an Elasticsearch index through Logstash and running ElastAlert at the same time. All I'm trying to do is test email alerts when the same value of some field occurs more than once, but I keep getting 0 matches. I've just started using ElastAlert, so bear with me. This is the command I'm running: "elastalert-test-rule example_frequency.yaml"
and this is the filter I specified: