Troubleshooting Elastalerts

mitchell.dyer · April 30, 2020, 7:49pm

I am trying to create an alert that shows as invalid in Elastalerts. Need help seeing why it is failing. Here is the query for the rule.

doc_type: doc
filter:
- query_string:
    query: |
      node_app: [hidden]
      AND client_guid: "[hidden]"
      AND action: DISCOVERED 
index: logstash-*
type: flatline
threshold: default
timeframe: 
    hours: 24
aggregation:
    schedule: '* 7 * * 2,3,4,5,6 *'

I have hidden values for security and privacy reasons. Please help me understand what is causing this rule to be invalid.

Thank you!

system · May 28, 2020, 7:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query works perfectly in Kibana - but doesn't work at all in Elastalert Elasticsearch	1	387	February 25, 2020
Alerting - OR condition in Log threshold rule type Elastic Observability elastic-stack-alerting	1	500	March 10, 2023
About Elastalert errors Elasticsearch	2	460	May 1, 2023
Elastalert Not sending Alerts Elasticsearch elastic-stack-alerting	1	140	June 4, 2024
Email ElastAlert Not triggering on Average Aggregation query Elasticsearch	3	922	November 19, 2020

Troubleshooting Elastalerts

Related Topics