These are chat archives for Yelp/elastalert
use_terms_query if you have a single query key. You could attempt to merge these fields in Logstash before they get into Elasticsearch
Here is my rule..
query: "_type: job"
query: "request_type: DEPLOY"
query: "status: JOB_STATUS_FAILED"
I'm getting only one event's data.
My question is, is there any way to pull all 5 events' data and post it into the Slack channel?