4ybaka
Reputation: 3264
Alerts in elastalert are silenced when shouldn't
I want to receive alert for each hit of query. I use rule with "any" type. Documentation says set realert to 0 so I added next lines to config.yaml:
realert:
minutes: 0
but I still see in logs
INFO:elastalert:Queried rule Client errors from 2016-07-28 21:23 UTC to 2016-07-28 21:38 UTC: 16 / 16 hits
INFO:elastalert:Alert sent to Telegram
INFO:elastalert:Ignoring match for silenced rule Client errors
INFO:elastalert:Ignoring match for silenced rule Client errors
INFO:elastalert:Ignoring match for silenced rule Client errors
....
and I receive only first alert. What else could be wrong?
Upvotes: 0
Views: 2700
Answers (1)
TallChuck
Reputation: 1972
Those lines should be included in the specific rule file, not the config file.
Upvotes: 2
Related Questions
- ElastAlert triggering every 5 minutes for a certain rule even though realert is set at 60 mins
- Elastic Search Alert for No log in Kibana
- after install ElastAlert, not running
- Relax elastalert on Sunday morning, due to false positive cases
- Restrict the content in email notification from ElastAlert
- ElastAlert and Kibana 5.0
- Elastalert whitelist/blacklist not working
- elastalert not sending out email
- ElastAlert no hits
- ElastAlert Not working