Category: yaml

March 5th 2020, Getting Started

Next, choose 'Alerting and Notifications' and then click 'Provision alerting for this stack'. Once your ElastAlert server has been provisioned and you have clicked 'ElastAlert is ready', you will see two sample yaml files that contain default examples of alert rules.

If you want to create a new alert rule, click 'New Rule', enter a name for your yaml file, then click the 'Create' button.

Several rule types that are common when creating your alert rule are:

Frequency type: Match where there are X events in Y time
Spike type: Match when the rate of events increases or decreases
Flatline type: Match when there are less than X events in Y time
Blacklist type: Match when a certain field matches a blacklist
Whitelist type: Match when a certain field matches a whitelist
Any type: Match on any event matching a given filter
Change type: Match when a field has two different values within some time
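The Frequency type written out as a complete rule file, added here as an example for this article rather than one of the two provisioned sample files; the index pattern and the field names (source.ip, system.auth.ssh.event) are assumptions about a Filebeat system-module mapping and should be adjusted to your own index:

```yaml
# Added example rule, not one of the provisioned samples. Assumes a
# filebeat-* index whose SSH auth events expose source.ip and
# system.auth.ssh.event (Filebeat system module); change to match your mapping.
name: ssh_auth_failure_burst
type: frequency
index: filebeat-*

# Fire when 10 matching events arrive within 5 minutes ...
num_events: 10
timeframe:
  minutes: 5

# ... counted separately per source address, so one noisy host
# neither hides nor is hidden by the others.
query_key: source.ip

# Only events matching this Elasticsearch query DSL filter are counted.
filter:
- term:
    system.auth.ssh.event: "Failed"

# Suppress repeat alerts for the same source.ip for an hour.
realert:
  hours: 1

alert:
- email
email:
- "soc@example.invalid"
alert_subject: "Burst of SSH authentication failures from {0}"
alert_subject_args:
- source.ip
```

Because query_key is set, the realert window applies per source.ip rather than to the rule as a whole, which is usually what you want for a brute-force style detection.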
