These are chat archives for Yelp/elastalert

24th Aug 2017
yamtoribio
@yamtoribio
Aug 24 2017 07:35
Hi guys, I also encountered this same problem. I'm getting an error when using decimal entries.
Roman
@invizus
Aug 24 2017 09:05
I am reinstalling elastalert on a new server and have the same problem; I forgot how to fix it.
I ran pip without sudo, and it did not install scripts in /usr/local/bin. So I cannot use elastalert.
Roman
@invizus
Aug 24 2017 09:36
I probably have to run pip with sudo.
OK, running with sudo helped; however, I read somewhere that this is not recommended.
sathishdsgithub
@sathishdsgithub
Aug 24 2017 12:04
@Qmando what are the minimum server requirements to implement elastalert in a production environment? We are using Graylog for log collection and Elasticsearch version 2.4. Presently we are getting millions of logs indexed to Elasticsearch every 100 ms on average.
@Qmando I would like to know if there are any standard server requirements before we install elastalert.
Roman
@invizus
Aug 24 2017 14:43
@sathishdsgithub how many searches do you do, and how often? Just for comparison, I have 5 rules running every minute, 512 MB RAM and 1 CPU.
sathishdsgithub
@sathishdsgithub
Aug 24 2017 14:46
@invizus presently we have 10 rules, and every time elastalert queries we get on average 100 thousand hits.
Roman
@invizus
Aug 24 2017 14:48
I see, it all depends, it seems.
mikesee
@mikesee
Aug 24 2017 22:39
When referring to the @timestamp field in Elastalert in "alert_text_args" ( - @timestamp), I'm unable to get the @timestamp field into the "alert_text"; I keep getting "<missing value>" where the timestamp should be. The index uses @timestamp, and I've even explicitly used "timestamp_field: @timestamp". Any ideas what I could be missing?