elastalert cannot find index app* in openshift

Question

elastalert cannot find index app* in openshift

BalighRezgui opened this issue 2 years ago · 1 comments

Hello,

I configured an elastalert with elasticsearch on an openshift cluster when I configure an alert ruels for the infra-* index to capture a word it works but when I change the index in the ruels app-* it does not work.
Apparently elastalert can see the infra index and is not seeing the app. any ideas ?

data:
my-rules.yaml: |
name: test
type: frequency
index: infra* (or app*)
num_events: 1
timeframe:
minutes: 10
filter:
- term:
message: BIP
- query:
query_string:
query: "NETWORK"

Answer 1 · 2022-11-18T15:49:56.000Z

can you show me all your index？
or have you tried this command to test？
elastalert-test-rule example_rules/xxx.yaml --config config.yaml
if it reports no problem，perhaps it hits no goals.

Answer 2 · 2022-11-19T16:46:57.000Z

elastalert is not maintained. Please use elastalert2.
https://github.com/jertel/elastalert2/discussions