-
|
Hi, If we have any rule please tell me, otherwise we can add a rule for this usecase which return total count in given period. It could be useful. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Hello, You stated: "I need total number of alerts". That tells me you are wanting ElastAlert 2 to monitor its own alerts that it triggers, and then send out additional alerts summarizing it's daily alerts. Is this correct? |
Beta Was this translation helpful? Give feedback.
-
|
not exactly, What I want is to get total number of error count which can be found by a log level field in document, and send me the alert for total count of ERROR logs for the entire day to next day. |
Beta Was this translation helpful? Give feedback.
-
|
You could try a rule type that supports |
Beta Was this translation helpful? Give feedback.
-
|
https://elastalert2.readthedocs.io/en/latest/ruletypes.html#rule-types |
Beta Was this translation helpful? Give feedback.
You could try a rule type that supports
use_count_querywill allow you to just return the count of matches rather than each matching error event. Or use an aggregation rule. Then use alimit_executionsetting to only run the check at the day boundary time of your choosing. Yourbuffer_time,timeframe, andrun_everysettings will likely need to be adjusted for a full day. The docs cover these settings.