I am trying to create an alert that shows as invalid in ElastAlert. Need help seeing why it is failing. Here is the query for the rule.

doc_type: doc
filter:
- query_string:
    query: |
      node_app: [hidden] AND client_guid: "[hidden]" AND action: DISCOVERED
index: logstash-*
type: flatline
threshold: default
timeframe:
  hours: 24
aggregation:
  schedule: '* 7 * * 2,3,4,5,6 *'

I have hidden values for security and privacy reasons. Please help me understand what is causing this rule to be invalid.