I have an ElastAlert rule with type frequency. If the number of hits is 1000 or more in 60 minutes, it should trigger the alert. The issue is, the moment it reaches 1000 hits within 5-6 minutes, it's triggering the alert instead of waiting for the entire 60-minute period. I want it to alert after the 60-minute period is over. I tried adding a realert for 60 minutes but it still did not work. What needs to be done to trigger an alert only when the 60-minute period is over?
```yaml
type: frequency
index: logstash-*
num_events: 1000
timeframe:
  minutes: 60
realert:
  minutes: 60
query_key: site_name
filter:
- query:
    query_string:
      query: 'NOT site_name: "CCBDN" AND NOT namespace: master'
alert: my_alerts.AlertManager
labels:
  severity: major
  slack: 'true'
  auto_resolve: 'false'
annotations:
  summary: Kibana is getting logs from sites other than CCBDN.
```