I want my ElastAlert to send an email alert if Elasticsearch (EFK stack) stops receiving logs after a certain time.
I tried many ways, but could not configure it. Nothing is working for me; can someone please help me to configure it?
Here is one of my ways:
I am using the below configuration in the rule:
es_host: myhost
es_port: myport
index: myindex*
name: zerologs
type: spike
spike_height: 0
timeframe:
  minutes: 15
realert:
  minutes: 10
filter:
- term:
    issue-type: "zerologs"
alert:
- email:
    email: '[email protected]'
    smtp_host: 'smtp.gmail.com'
    smtp_port: 465
    smtp_ssl: true
    from_addr: '[email protected]'
    smtp_auth_file: '/opt/elastalert/smtp_auth_file.yml'
But it is getting an error like:
15:00:35.597Z ERROR elastalert-server:
TestService: INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
Traceback (most recent call last):
File "/opt/elastalert/elastalert/loaders.py", line 297, in load_options
self.rule_schema.validate(rule)
File "/usr/lib/python3.10/site-packages/jsonschema-4.9.0-py3.10.egg/jsonschema/validators.py", line 269, in validate
raise error
jsonschema.exceptions.ValidationError: {'es_host': 'myhost', 'es_port': myport, 'index': 'myindex', 'name': 'zerologs', 'type': 'spike', 'spike_height': 0, 'timeframe': {'minutes': 5}, 'realert': {'minutes': 10}, 'filter': [{'term': {'issue-type': 'zerologs'}}], 'alert': [{'email': {'email': '[email protected]', 'smtp_host': 'smtp.gmail.com', 'smtp_port': 465, 'smtp_ssl': True, 'from_addr': '[email protected]', 'smtp_auth_file': '/opt/elastalert/smtp_auth_file.yml'}}], 'rule_file': '/opt/elastalert/server_data/tests/~zBxU8hntki8ryDEyh2gjEnTxUk6xFqs5.temp'} is not valid under any of the given schemas
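A rule for the "logs stopped arriving" case, added here as an illustration and not part of the original post. ElastAlert's spike type requires spike_type (up, down or both), which is what the schema validator is rejecting above; a drop to zero events is what the flatline type exists for. The host, port, index name and addresses below are placeholders.

```yaml
# Example ElastAlert rule (added illustration, not the poster's rule).
# Fires when fewer than `threshold` matching documents arrive in each
# `timeframe`, i.e. when the log pipeline goes quiet. Every host, port,
# index name and address below is a placeholder.
name: efk-logs-stopped
type: flatline

es_host: elasticsearch.example.internal   # placeholder
es_port: 9200                              # must be an integer, not a string
index: myindex-*

# Alert when fewer than 1 matching document is seen in any 15-minute window.
threshold: 1
timeframe:
  minutes: 15

# Count only the documents that should always be flowing; remove this
# block to count every document in the index.
filter:
- term:
    issue-type: "zerologs"

# Do not re-notify for the same condition more often than every 10 minutes.
realert:
  minutes: 10

# Alerter settings may be nested under the alert type, as in the original
# post, or placed at the top level of the rule as done here.
alert:
- email

email:
- ops-oncall@example.com                   # placeholder recipient
from_addr: elastalert@example.com          # placeholder sender
smtp_host: smtp.gmail.com
smtp_port: 465
smtp_ssl: true
# Credentials live in a separate file, never inline in the rule.
smtp_auth_file: /opt/elastalert/smtp_auth_file.yml
```

Running the rule through elastalert-test-rule before deploying reproduces the schema validation step from the traceback without sending mail.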