Skip to content

elastalert-server job from praeco/1.0.0

Github source: 18c784d or master branch

Properties

elastalert

alert_time_limit

the retry window for failed alerts.

Default
days: 2

buffer_time

the size of the query window, stretching backwards from the time each query is run.

Default
minutes: 15

es_host

the address of an Elasticsearch cluster where ElastAlert will store data about its state, queries run, alerts, and errors.

Default
localhost

es_password

basic-auth password for connecting to es_host.

Default
""

es_port

the port corresponding to es_host.

Default
"9200"

es_username

basic-auth username for connecting to es_host.

Default
""

from_addr

This sets the From header in the email. By default, the from address is ElastAlert@ and the domain will be set by the smtp server.

Default
ElastAlert@localhost

rules

List of ElastAlert rules

Example
|+
  - name: Example rule
    type: frequency
    index: logstash-*
    num_events: 50
    timeframe:
        hours: 4
    filter:
    - term:
        some_field: "some_value"
    alert:
    - "email"
    email:
    - "[email protected]"

rules_folder

The name of the folder which contains rule configuration files.

Default
/var/vcap/jobs/elastalert/rules

run_every

how often ElastAlert will query Elasticsearch.

Default
minutes: 1

smtp_host

The SMTP host to use.

Default
localhost

smtp_port

The port to use.

Default
25

smtp_ssl

Connect the SMTP host using TLS. If smtp_ssl is not used, ElastAlert will still attempt STARTTLS.

Default
"false"

use_ssl

Whether or not to connect to es_host using TLS.

Default
"false"

verify_certs

Whether or not to verify TLS certificates.

Default
"true"

writeback_index

the name of the index in which ElastAlert will store data.

Default
elastalert_status

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/elastalert-server/ directory (learn more).

  • bin/ctl (from bin/ctl)
  • bin/ctl_utils.sh (from bin/ctl_utils.sh)
  • bin/pre-start (from bin/pre-start.sh)
  • config/config.json (from config/config.json.erb)
  • config/config.yaml (from config/elastalert.yaml)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.