ElastAlert alert every hour instead of minute for a certain rule
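I have an ElastAlert service that sends alerts every minute. I have now configured a flatline rule to alert me when there has been no new data in the past hour.
As expected, the rule runs for an hour to make sure no events come in. But then it starts sending an alert every minute (per the configuration). How can I change this and tell ElastAlert to alert me once an hour instead of every minute for this specific rule?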
Can you set the realert configuration option to 60 minutes? (The default is 1.)
realert: This option allows you to ignore repeating alerts for
a period of time. If the rule uses a query_key, this option will be
applied on a per key basis. All matches for a given rule, or for
matches with the same query_key, will be ignored for the given time.
All matches with a missing query_key will be grouped together using a
value of _missing. This is applied to the time the alert is sent, not
to the time of the event. It defaults to one minute, which means that
if ElastAlert is run over a large time period which triggers many
matches, only the first alert will be sent by default. If you want
every alert, set realert to 0 minutes. (Optional, time, default 1
minute)
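
A flatline rule with realert set to 60 minutes, as an added example that is not part of the original question or answer. The rule name, index pattern and e-mail address are constructed placeholders.

```yaml
# Constructed example rule file (e.g. rules/no_new_data.yaml).
# name, index and the e-mail address are placeholders, not values from the page.
name: no-new-data-1h
type: flatline
index: logstash-*

# flatline matches when the number of events in `timeframe`
# falls below `threshold`: here, no events for one hour.
threshold: 1
timeframe:
  hours: 1

# Without this block the rule uses the default realert of 1 minute,
# so every run after the first match sends another alert.
# With it, further matches for this rule are ignored for 60 minutes,
# counted from the time the alert was sent, not from the event time.
realert:
  minutes: 60

alert:
  - "email"
email:
  - "ops@example.com"
```

Because realert is set inside the rule file, it applies only to this rule; other rules keep their own value or the 1 minute default.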