Mail is not triggering for my ElastAlert aggregation rule.
I have an Elasticsearch DSL query which returns the average response time for the API over the last 15 minutes.
My objective is to fire an email if the API average response time is > 5 sec.
In the DSL query response below I am getting an average of 5.32, but in ElastAlert no alerts are generated for the same configuration.
Rules.yaml

```yaml
es_host: 100.10.10.100
es_port: 9200
es_username: elastic
es_password: elastic
name: Average ResponseTime
type: metric_aggregation
index: logstashlogs-*
bucket_interval:
  minutes: 15
metric_agg_key: elapsed_time
metric_agg_type: avg
doc_type: _doc
max_threshold: 5
filter:
  - term:
      doc.processName: CreateCustomer
  - term:
      doc.messageType: SourceResponse
alert:
  - email
email:
  - Test1234@gmail.com
alert_subject: Avg response lapsed
alert_text: |
  Testing for average response time.
alert_text_type: alert_text_only
smtp_host: 100.100.10.10
smtp_port: 25
smtp_ssl: false
from_addr: test@gmail.com
smtp_auth_file: smtp_auth_file.yaml
```
**Output from elastalert**

```
1 rules loaded
INFO:elastalert:Starting up
INFO:elastalert:Disabled rules are:
INFO:elastalert:Sleeping for 59.999888 seconds
INFO:elastalert:Ran Average ResponseTime from 2020-10-21 11:42 UTC to 2020-10-21 11:57 UTC: 0 query hits (0 already seen), 0 matches, 0 alerts sent
INFO:elastalert:Background configuration change check run at 2020-10-21 11:58 UTC
INFO:elastalert:Background alerts thread 0 pending alerts sent at 2020-10-21 11:58 UTC
```
But if I cross-check with curl I do get an average value.

DSL Query
```json
{
  "aggs": {
    "processFilter": {
      "filter": {
        "bool": {
          "should": [
            {
              "bool": {
                "must": [
                  { "match": { "doc.processName": "CreateCustomer" } },
                  { "match": { "doc.messageType": "SourceResponse" } },
                  {
                    "range": {
                      "@timestamp": {
                        "gte": "now-30m/m",
                        "lte": "now/m"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      "aggs": {
        "avg_et": {
          "avg": { "field": "elapsed_time" }
        }
      }
    }
  }
}
```
**Response:**

```json
  "aggregations" : {
    "processFilter" : {
      "meta" : { },
      "doc_count" : 5,
      "avg_et" : {
        "value" : 5.3289999008178714
      }
    }
  }
}
```
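Added example, not part of the original post and not ElastAlert's own code: a small Python re-implementation of what a `metric_aggregation` rule does, so the rule's query and threshold logic can be checked offline against a captured aggregation response. It builds the search body the rule's settings imply (the `filter` clauses, a `bucket_interval`-sized window on `@timestamp`, and one `avg` aggregation) and applies `max_threshold` to the result. The aggregation name (`elapsed_time_avg`) and the exact query shape are this script's assumptions. The two constructed responses cover both situations on the page: the curl result with five matching documents, and a filter that matches nothing, where Elasticsearch reports the average as `null` and the rule has nothing to compare, which is what a log line of `0 query hits, 0 matches` corresponds to. One thing worth comparing when sending the generated body to curl is that the rule uses `term` clauses while the hand-written query uses `match`: a `term` query is an exact token lookup, so on a field mapped as analyzed `text` it will not match the original-cased value, whereas `match` analyzes the query string first.

```python
# Added example: minimal model of an ElastAlert metric_aggregation rule.
# Aggregation naming and query shape are assumptions, not ElastAlert's exact code.
import json

# Rule settings copied from the post's Rules.yaml (only the fields that matter here)
RULE = {
    "metric_agg_key": "elapsed_time",
    "metric_agg_type": "avg",
    "max_threshold": 5,
    "filter": [
        {"term": {"doc.processName": "CreateCustomer"}},
        {"term": {"doc.messageType": "SourceResponse"}},
    ],
}


def agg_name(rule):
    """Name used for the metric aggregation in the request body (assumed convention)."""
    return f"{rule['metric_agg_key']}_{rule['metric_agg_type']}"


def build_query(rule, start="now-15m/m", end="now/m"):
    """Assemble the search body the rule implies: every clause in `filter`,
    a time window on @timestamp matching bucket_interval, and one metric
    aggregation over that bucket. size=0 because only the aggregation is needed."""
    clauses = list(rule["filter"]) + [
        {"range": {"@timestamp": {"gte": start, "lte": end}}}
    ]
    return {
        "size": 0,
        "query": {"bool": {"filter": clauses}},
        "aggs": {
            agg_name(rule): {rule["metric_agg_type"]: {"field": rule["metric_agg_key"]}}
        },
    }


def evaluate(rule, response):
    """Return (should_alert, metric_value) for one aggregation response.
    If the filter matched no documents, the avg comes back as null, so there
    is no value to compare and no alert is produced."""
    value = response["aggregations"][agg_name(rule)]["value"]
    if value is None:
        return False, None
    above = rule.get("max_threshold") is not None and value > rule["max_threshold"]
    below = rule.get("min_threshold") is not None and value < rule["min_threshold"]
    return bool(above or below), value


# Constructed responses: the first mirrors the value in the post's curl output,
# the second is what an unmatched filter returns.
MATCHED_RESPONSE = {
    "hits": {"total": {"value": 5}},
    "aggregations": {"elapsed_time_avg": {"value": 5.3289999008178714}},
}
EMPTY_RESPONSE = {
    "hits": {"total": {"value": 0}},
    "aggregations": {"elapsed_time_avg": {"value": None}},
}

if __name__ == "__main__":
    # Print the body so it can be pasted into curl and compared with the hand-written query
    print(json.dumps(build_query(RULE), indent=2))
    print("matched ->", evaluate(RULE, MATCHED_RESPONSE))  # (True, 5.3289999008178714)
    print("empty   ->", evaluate(RULE, EMPTY_RESPONSE))    # (False, None)
```

Running the script prints the generated body followed by the two evaluations; swapping the `term` clauses in `RULE["filter"]` for `match` clauses reproduces the shape of the curl query, which makes the two easy to diff against the same index.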