These are chat archives for Yelp/elastalert

19th
Apr 2016
Quentin Long
@Qmando
Apr 19 2016 01:03
Ah. Unfortunately, the flatline alert only alerts once when it drops below the threshold, but while there are still 0 documents it doesn't alert again.
I can add this feature. I haven't had much time to work on new features. Let me think of there are any workarounds
If you want to get hacky, you could make storeAlert.sh run in a loop with a PID file. Then make an alert with type: any run a script that just kills that process if it's running.
sunilmchaudhari
@sunilmchaudhari
Apr 19 2016 03:30
Hi, any suggestion to monitor elasticsearch itself with the help of elastalert?
sunilmchaudhari
@sunilmchaudhari
Apr 19 2016 13:17
Hi, I want to provide 2 indexes in rule.yaml, how to do that? for example, rss- and tss-. can I separate it with ','.
Quentin Long
@Qmando
Apr 19 2016 21:59
I think you should be able to just comma separate it
Marius Ducea
@mdxp
Apr 19 2016 22:00
@Qmando is it possible to include files in rules? (for secrets for ex to not add api keys in the rules files)
Quentin Long
@Qmando
Apr 19 2016 22:02
No. pyyaml does include some features that would make that possible though
Marius Ducea
@mdxp
Apr 19 2016 22:02
as i would love to not include keys (like pagerduty for ex) in the rules themselves; how to people handle this?
really nice way to define secrets in main config file (like email password for relay, slack, etc.) but for things that go into the alerts file (like pagerduty) i have no idea how to do that
Quentin Long
@Qmando
Apr 19 2016 22:18
@mdxp: the jira alerter has that feature where you specify a file for the credentials
and TBH, that's the only thing that I use that requires credentials, so I accepted pull requests for other alerters that require inline keys
Shouldn't be hard feature to add though. IF you are really concerned and want things like reading the credentials and then dropping privileges, that would be a little more work
Marius Ducea
@mdxp
Apr 19 2016 22:48
is the jira_account_file per rule or is it a global option?