These are chat archives for Yelp/elastalert

4th
Sep 2017
Roman
@invizus
Sep 04 2017 10:21
I have 2 flatline (threshold 1) rules for two similar servers. One of them failed to return count > 0 and fired a few false positives.
Between 2017-09-02 13:25 BST and 2017-09-02 14:25 BST, there were less than 1 events.
Roman
@invizus
Sep 04 2017 12:03
I tried checking the problem. Log lines are present in Elasticsearch with correct fields and values. ElastAlert did not log any error in stderr. If it could not connect to Elasticsearch, I suppose it would log an error or warning? The servers' load was not too busy either.
the other identical rule running at the same time was working just fine.
Roman
@invizus
Sep 04 2017 13:33
Just to clarify (when I said "for two similar servers" I meant prod servers logged in Elastic, not Elastic servers themselves).