timeframe setting is not work when rule run every minutes

[wangcrazy1]

https://help.logit.io/en/articles/3772556-configure-flatline-alerts-for-elasticsearch

Rule name, must be unique

name: send log issue fence to cloudwise
type: flatline

threshold: 10000

if the frequency of events drops below threshold in timeframe minutes, an alert is triggered

timeframe:
minutes: 6

A list of elasticsearch filters used for find events

These filters are joined with AND and nested in a filtered query

For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html

filter:

• query:
  query_string:
  #query: "input.type: log"
  query: "log.file.path: Fence_PROD_BSP_FENCE*"
  #query: "log.file.path: test_it_temp*"

use_count_query: true
doc_type: _doc

index: tesla*
realert:
minutes: 1

query_key:

• host.name

#include:

- log.file.path

include:

• "@timestamp"
• num_hits
  scan_entire_timeframe: true
  include_match_in_root: true

(Required)

The alert is use when a match is found

#alert: post
alert: "elastalert_modules.my_alerts.HTTPPostEpochAlerter"
http_post_url: "http://10.195.129.232:50003/xxx_nolog"
http_post_static_payload:
check: "tesla receive log from fence"
hostname: "CN000VM5080"
logpath: "C:\SEEBURGER\PROD_BSP_CS\log\Fence_PROD_BSP_FENCE02\Fence_PROD_BSP_FENCE02.lgw"
http_post_payload:
matches: num_hits
timestamp: "@timestamp"

It send the num_hits only contians one minute when rule run every minutes. I think the num_hits should be sum of six minutes hits.