ElastAlert fires even when there are no matches

I have a simple flatline alert that is meant to fire when the number of events drops below a threshold. Even though the index has plenty of data, well above the threshold, I still get this alert at every given interval. My configuration is:
# (Required)
# Rule name, must be unique
name: fraud-impr-flatline
# (Required)
# Type of alert.
#
type: flatline
# (Required)
# Index to search, wildcard supported
index: logstash-fraud*
# Alert when fewer than this many events are seen within the timeframe
threshold: 100
use_count_query: true
doc_type: fraud-impr
# Window over which the events are counted
timeframe:
  minutes: 30
# (Required)
# The alert is used when a match is found
alert:
  - "email"
# (required, email specific)
# a list of email addresses to send alerts to
email:
  - "[email protected]"
This is such a basic alert, but I have never been able to get it working. What am I missing here?
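As an added illustration (not part of the question and not ElastAlert's own code), the following simplified model shows what a flatline rule with the question's parameters (threshold 100, timeframe 30 minutes) evaluates at each scheduled run: the count of events in the trailing window, and an alert whenever that count falls below the threshold. The event timestamps and the 30-minute run schedule are constructed sample data.

```python
from datetime import datetime, timedelta

# Rule parameters taken from the question's configuration.
THRESHOLD = 100
TIMEFRAME = timedelta(minutes=30)


def count_in_window(event_times, window_end, timeframe=TIMEFRAME):
    """Count events whose timestamp lies in (window_end - timeframe, window_end]."""
    window_start = window_end - timeframe
    return sum(1 for t in event_times if window_start < t <= window_end)


def flatline_check(event_times, window_end, threshold=THRESHOLD, timeframe=TIMEFRAME):
    """Return (fires, count): the rule fires when the trailing-window count is below threshold."""
    count = count_in_window(event_times, window_end, timeframe)
    return count < threshold, count


def evaluate_runs(event_times, start, end, run_every):
    """Evaluate the rule at every scheduled run time; return a list of (run_time, count, fires)."""
    results = []
    run_time = start
    while run_time <= end:
        fires, count = flatline_check(event_times, run_time)
        results.append((run_time, count, fires))
        run_time += run_every
    return results


def make_sample_events(base):
    """Constructed sample: 300 events, one every 12 seconds for the first hour, then silence."""
    return [base + timedelta(seconds=12 * i) for i in range(300)]


def demo_results():
    """Run the rule every 30 minutes from 00:30 to 02:00 over the sample events."""
    base = datetime(2024, 1, 1)
    events = make_sample_events(base)
    runs = evaluate_runs(events, base + timedelta(minutes=30),
                         base + timedelta(minutes=120), timedelta(minutes=30))
    return [(t.strftime("%H:%M"), count, fires) for t, count, fires in runs]


if __name__ == "__main__":
    # The first two runs see ~150 events (no alert); once the events stop, the count
    # drops to 0 and the rule fires on every subsequent run.
    for label, count, fires in demo_results():
        print(f"{label} count={count:3d} fires={fires}")
```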