I tried checking the problem. Log lines are present in elasticsearch with correct fields and values. elastalert did not log any error in stderr. if it could not connect to elasticsearch i suppose it would log error or warning? the servers load was not too busy either. the other identical rule running at the same time was working just fine.