These are chat archives for Yelp/elastalert

19th Jan 2018
sathishdsgithub
@sathishdsgithub
Jan 19 09:31
@Qmando When I make changes to a YAML rule, should I restart elastalert again to pick up the latest modified YAML rule? Or is there any option to do it without restarting elastalert?
Quentin Long
@Qmando
Jan 19 18:38
@sathishdsgithub You can only use use_terms_query if you have a single query key. You could attempt to merge these fields in Logstash before they get into Elasticsearch
chinnareddy578
@chinnareddy578
Jan 19 19:06

Hi
Here is my rule:

num_events: 5
timeframe:
  minutes: 30
realert:
  minutes: 30
buffer_time:
  minutes: 3
filter:
- query:
    query_string:
      query: "_type: job"
- query:
    query_string:
      query: "request_type: DEPLOY"
- query:
    query_string:
      query: "status: JOB_STATUS_FAILED"

alert:
- slack

I'm getting only one event's data.

My question is, is there any way to pull all 5 events' data and post them into the Slack channel...?

Any suggestions...?