Troubleshooting Elastalerts

I am trying to create an alert that shows as invalid in Elastalerts. Need help seeing why it is failing. Here is the query for the rule.

doc_type: doc
filter:
- query_string:
    query: |
      node_app: [hidden]
      AND client_guid: "[hidden]"
      AND action: DISCOVERED 
index: logstash-*
type: flatline
threshold: default
timeframe: 
    hours: 24
aggregation:
    schedule: '* 7 * * 2,3,4,5,6 *'

I have hidden values for security and privacy reasons. Please help me understand what is causing this rule to be invalid.

Thank you!