These are chat archives for Yelp/elastalert

16th
Apr 2016
Ramana
@ramanarapolu
Apr 16 2016 01:29

Thanks for the reply. Tried with the rule below and the alert is coming, but only once. Do you see any problem in the rule?

name: ElastAlertRule-app1202-Tomcat_Process_Aliveness_Alert
es_host: localhost
es_port: 9200
type: flatline
threshold: 1
timeframe:
  minutes: 1
realert:
  minutes: 3
index: logstash-%Y.%W
alert:
- command
command:
- /bin/storeAlert.sh
pipe_match_json: true
use_strftime_index: true
match_enhancements:
- cmc_modules.information_enhancement.InformationEnhancement
filter:
- and:
  - term:
      syslog-tag: ps
  - term:
      host: app1202
  - query:
      match:
        args: krb5

I need an alert every 3 minutes or 1 minute, as it is critical. Thanks for the help.