alert_text_args problem
luatdeptrai opened this issue · 3 comments
luatdeptrai commented
Hi everyone, I have a problem with my alert config. I want to use alert_text_args to get a nested field: log.Obj_ReponseCC.sendMessage.from. But the problem is that log.Obj_ReponseCC is the full name of a field, and ElastAlert thinks that Obj_ReponseCC is a subfield of the log field. How do I fix this?
This is the full alert config:
es_host: localhost
es_port: 9200
name: BRANDNAME TEMPLATE NOT MATCH ALERT
type: frequency
index: filebeat*
num_events: 51
timeframe:
  minutes: 5
realert:
  minutes: 0
filter:
- query:
    query_string:
      query: "log.Obj_ReponseCC.errorCode : 011*"
query_key: log.Obj_ReponseCC.account
alert_text: "At {0} brand name: {1}\nError name: {2} Code: {3}\nAccount: {4} send to phone number: {5} more than 50 times in 5 minutes\nMessage: {6}\nResolve: Check entered data again!"
alert_text_args: ["sourceInfo.date", "log.Obj_ReponseCC.sendMessage.from", "log.Obj_ReponseCC.errorMessage", "log.Obj_ReponseCC.errorCode", "log.Obj_ReponseCC.account", "log.Obj_ReponseCC.sendMessage.to", "log.Obj_ReponseCC.sendMessage.message"]
alert_text_type: alert_text_only
alert:
- "telegram"
telegram_bot_token: 6490431344:AAFmIjifVVnHfGR6NglDUeDdufRqgYUj3kc
telegram_room_id: "-***********"
This is the JSON log:
"log.Obj_ReponseCC": {
  "account": "hatp",
  "msgLength": 96,
  "mtCount": 1,
  "errorCode": "011",
  "sendMessage": {
    "telco": "01",
    "scheduled": "",
    "from": "HATP",
    "type": 1,
    "useUnicode": 0,
    "to": "**********",
    "message": "abc",
    "requestId": "7348288fbe814ccfa774e960a9b91a8c"
  },
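The field-name ambiguity described in the post above, as an added example that is not part of the original thread and is not ElastAlert or ElastAlert2 code: a dotted-path lookup that tries the longest literal key first, next to a naive split on every dot. The function names, the HIT document (constructed, shaped like the posted log, with a sample date) and the missing-value marker are assumptions.

```python
# Added example: resolve a dotted path against a document whose keys may
# themselves contain dots. Not ElastAlert code; names here are hypothetical.
_MISSING = object()

def resolve(doc, path):
    """Return the value at `path`, or None when no reading of the path matches."""
    found = _resolve(doc, path.split("."))
    return None if found is _MISSING else found

def _resolve(node, segments):
    if not segments:
        return node
    if not isinstance(node, dict):
        return _MISSING
    # Try the longest run of segments as one literal key, then shorter runs,
    # backtracking when a candidate key leads to a dead end.
    for end in range(len(segments), 0, -1):
        key = ".".join(segments[:end])
        if key in node:
            found = _resolve(node[key], segments[end:])
            if found is not _MISSING:
                return found
    return _MISSING

def naive(doc, path):
    """Split on every dot: treats Obj_ReponseCC as a subfield of log."""
    for seg in path.split("."):
        if not isinstance(doc, dict) or seg not in doc:
            return None
        doc = doc[seg]
    return doc

# Constructed hit shaped like the log in the post (values are samples).
HIT = {
    "sourceInfo": {"date": "2023-01-01"},
    "log.Obj_ReponseCC": {
        "account": "hatp", "errorCode": "011",
        "sendMessage": {"from": "HATP", "message": "abc"},
    },
}
ARGS = ["sourceInfo.date", "log.Obj_ReponseCC.sendMessage.from",
        "log.Obj_ReponseCC.errorCode", "log.Obj_ReponseCC.account"]

def render(template, doc, args):
    # Unresolved fields become a visible marker instead of raising.
    values = [resolve(doc, a) for a in args]
    return template.format(*["<MISSING VALUE>" if v is None else v for v in values])
```
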
nsano-rururu commented
ElastAlert is no longer maintained. Please use ElastAlert2 instead.
luatdeptrai commented
> ElastAlert is no longer maintained. Please use ElastAlert2 instead.

So how can I do it with ElastAlert2? Please help.
nsano-rururu commented
Ask your own questions.
https://github.com/jertel/elastalert2/discussions