Created
November 4, 2016 21:11
-
-
Save thomastaylor312/55c6af527db71152dec60393f9bd15f5 to your computer and use it in GitHub Desktop.
An example elastalert config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Alert when the rate of events exceeds a threshold | |
| # (Required) | |
| # Rule name, must be unique | |
| name: jenkins-severe-exceptions | |
| # (Required) | |
| # Type of alert. | |
| # the frequency rule type alerts when num_events events occur with timeframe time | |
| type: frequency | |
| # (Required) | |
| # Index to search, wildcard supported | |
| index: logstash-* | |
| # (Required, frequency specific) | |
| # Alert when this many documents matching the query occur within a timeframe | |
| num_events: 2 | |
| # (Required, frequency specific) | |
| # num_events must occur within this amount of time to trigger an alert | |
| timeframe: | |
| hours: 1 | |
| # (Required) | |
| # A list of elasticsearch filters used for find events | |
| # These filters are joined with AND and nested in a filtered query | |
| # For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html | |
| filter: | |
| - query: | |
| query_string: | |
| query: "log: SEVERE AND kubernetes.namespace_name: jenkins" | |
| # (Required) | |
| # The alert is use when a match is found | |
| alert: | |
| - "slack" | |
| slack_username_override: "k8s-bot" | |
| slack_webhook_url: my.slack.webhook/XXXXX/XXXXX |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment