These are chat archives for Yelp/elastalert

8th
Sep 2017
Markus Cisler
@bl1nk
Sep 08 2017 08:09
@Qmando so it would detect spikes per aggregation_key?
Quentin Long
@Qmando
Sep 08 2017 18:22
@bl1nk For that you'd have to add query_key too. query_key separates document counting into buckets. aggregation_key only affects how the alerts get sent. You have to set both if you want all spikes for a single key to get sent together.
query_key = affects how matches get generated, aggregation_key = affects how those matches get sent as alerts