These are chat archives for Yelp/elastalert

Oct 2017
Oct 19 2017 15:54
Hello! Any interest in a PR that would split the various types into their own indices? Looking forward towards ES6 where different types are being removed.
Quentin Long
Oct 19 2017 17:20
@fasher You probably need to lowercase "failed" and "invalid" in the line system.auth.ssh.event: [ "Failed", "Invalid" ]
See the FAQ on github please, it has information to help you