ElastAlert fires even when there is no match

I have a simple Flatline alert that is meant to fire when the number of events drops below a threshold. Even though the index holds far more data than the threshold, I still receive this alert at every interval. My configuration is:
# (Required)
# Rule name, must be unique
name: fraud-impr-flatline

# (Required)
# Type of alert.
type: flatline

# (Required)
# Index to search, wildcard supported
index: logstash-fraud*

threshold: 100
use_count_query: true
doc_type: fraud-impr

timeframe:
  minutes: 30

# (Required)
# The alert is used when a match is found
alert:
  - "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
  - "[email protected]"
This is such a basic alert, but I have never been able to get it working. What am I missing here?
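As an added illustration (this is editor-supplied example code, not ElastAlert's implementation and not part of the question above), the following models what a flatline rule with `threshold: 100` and `timeframe: minutes: 30` decides: count the events whose timestamp lands inside the trailing 30-minute window and fire when that count is below the threshold. The sample events, the `"@timestamp"` field name and the "wrong field" scenario are constructed assumptions; the second scenario only shows that an event whose expected timestamp field is absent is invisible to such a count, which makes a flatline rule fire on every run even though the index is full. It is one possible failure mode to rule out, not a diagnosis of the poster's setup.

```python
from datetime import datetime, timedelta, timezone

# Simplified model of a flatline check: fire when the number of events whose
# `timestamp_field` falls inside the trailing `timeframe` window is below
# `threshold`. Illustration only; ElastAlert's real query logic is not modelled.
def count_in_window(events, now, timeframe, timestamp_field="@timestamp"):
    """Count events whose `timestamp_field` lies in (now - timeframe, now]."""
    start = now - timeframe
    n = 0
    for ev in events:
        ts = ev.get(timestamp_field)
        if ts is None:
            # No usable timestamp under the expected field name: the event is
            # not counted, exactly as a range query on that field would skip it.
            continue
        if start < ts <= now:
            n += 1
    return n


def flatline_fires(events, now, timeframe, threshold, timestamp_field="@timestamp"):
    """True when fewer than `threshold` events are seen in the window."""
    return count_in_window(events, now, timeframe, timestamp_field) < threshold


def make_events(n, now, field="@timestamp"):
    """Constructed sample: n events spread evenly over the last 30 minutes."""
    step = 1800 / n
    return [{field: now - timedelta(seconds=i * step), "type": "fraud-impr"}
            for i in range(n)]


# Constructed reference point and the rule's own parameters.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
TIMEFRAME = timedelta(minutes=30)
THRESHOLD = 100


def demo():
    """Healthy index vs. index whose documents use a different timestamp field."""
    healthy = make_events(150, NOW)                       # 150 events, field "@timestamp"
    wrong_field = make_events(150, NOW, field="timestamp")  # same volume, other field name
    return {
        "healthy_count": count_in_window(healthy, NOW, TIMEFRAME),
        "healthy_fires": flatline_fires(healthy, NOW, TIMEFRAME, THRESHOLD),
        "wrong_field_count": count_in_window(wrong_field, NOW, TIMEFRAME),
        "wrong_field_fires": flatline_fires(wrong_field, NOW, TIMEFRAME, THRESHOLD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The practical check this suggests: run the same count the rule would run (same index pattern, same document type, same timestamp field, last 30 minutes) directly against Elasticsearch and confirm it returns more than 100; if it returns 0 while the index is clearly full, the rule is counting a field or type that the documents do not carry.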