dockerfiles/elastalert/data/rules/example.yaml

name: Example rule

es_host: elasticsearch
es_port: 9200

type: frequency

index: logstash-*

doc_type: _doc

num_events: 10

use_count_query: true

timeframe:
  hours: 1

filter:
- query:
    query_string:
      query: 'response:[500 TO *]'

alert:
- command

command: [echo, bad, things, happen]
update elastalert 2019-10-30 08:11:49 +00:00			`name: Example rule`

			`es_host: elasticsearch`
			`es_port: 9200`

			`type: frequency`

			`index: logstash-*`

update elastalert 2019-10-30 10:57:53 +00:00			`doc_type: _doc`

update elastalert 2019-10-30 08:11:49 +00:00			`num_events: 10`

update elastalert 2019-10-30 10:57:53 +00:00			`use_count_query: true`

update elastalert 2019-10-30 08:11:49 +00:00			`timeframe:`
			`hours: 1`

			`filter:`
			`- query:`
			`query_string:`
			`query: 'response:[500 TO *]'`

			`alert:`
			`- command`

update elastalert 2019-10-30 10:57:53 +00:00			`command: [echo, bad, things, happen]`