Use multiple filters on multiple indices and multiple rules in same rule file in elastalert

Kiranmai_Reddy · June 7, 2017, 9:55am

I want to run multiple queries on multiple indices of elasticsearch in elastalert. How can I do that?
example : I want to use the first filter with rule type "any" on index abc* and the second filter with rule type "frequency" on index xyz*

type :any
type:frequency
index: abc*
index: xyz*
filter:

match:
loglevel: "INFO"
filter:
- match:
loglevel: "ERROR"

system · July 5, 2017, 9:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ElastAlert : multiple query against multiple indices in same rule file Elasticsearch	2	1824	May 17, 2017
About Elastalert errors Elasticsearch	2	462	May 1, 2023
Can I use AND filter for more than two queries? Elasticsearch	4	365	July 6, 2017
Logstash - multiple indices for one input file Logstash	3	2068	December 21, 2016
Match filter queries with OR instead of AND Elasticsearch elastic-stack-alerting	1	211	October 13, 2022

Use multiple filters on multiple indices and multiple rules in same rule file in elastalert

Related topics