⚠️ ElastAlert is no longer maintained. We strongly recommend migrating to ElastAlert2.

[nsano-rururu]

https://github.com/jertel/elastalert2

ElastAlert Pull Request(Open)

title	Has it been merged with elastalert2?	remark
add dingtalk and aiops alert #3240	-	Dingtalk has been added to ElastAlert2
Update ruletypes.rst #3231	-
Parsing error fixed at line 2. #3216	〇
Fix UnicodeEncodeError in PagerDutyAlerter #3182	-
fix(docs): corrects common typos in project README #3179	-
fix compound query key in metric aggregation with bucket_interval #3161	〇
use rule timeframe when scan_entire_timeframe is set #3141	-
email alerter: add smtp_tls flag to allow user to disable TLS #3122	-
feat: suport for multi es instances #3109	〇
Added rules dir and minor update to config #3098	-
Statsd and multi imports #3095	〇
Update README.md #3089	-
Bearer token authorization. #3076	〇
Fix is_enabled not work with reload #3036	〇
Fix for the mapping error reported in #2899. #3016	〇
added code to run on Powersystem #2997	-
Add Jinja2 Templating Option to Alert Text Formatting #2993	〇
Fix initializing self.thread_data.alerts_sent for running elastalert-test-rule #2991	〇
Add support for custom_details in the PagerDuty alerter v2 module #2982	〇
SpikeRule remove self.first_event.pop(qk) #2969	-
fix a configuration options of docs #2961	〇
allow custom http_headers in config.yaml #2952	-
Add support for HTTP POST encryption ( using JWT ) #2926	-
Add new Alerter: IDMEF with Prelude SIEM #2906	-
TheHive alerter: Allow severity and tlp to be set by rule #2891	〇
Add optional es_version attribute in config #2889	-
Fix Incorrect Opsgenie Tags Formatting #2884	-
Remove hipchat integration #2881	〇
fix attribute error is raised when query ran for future time #2858	〇
Remove duplicate property in example config file #2848	〇
Added Squadcast http post alert config #2843	〇
Patch opsgenie tags overwritten after first alert #2840	〇
Fixes to is_enabled state changes during runtime #2838	-
fix aggregate_id search syntax #2829	〇
Removing/Disabling rule should stop scheduler jobs #2826	-
Allow Customizable Slack Message Body #2816	-
Allow Custom OpsGenie Description #2796	-
Adds --silence_qk_value option to elastalert #2795	〇
Add parameter for slack aggregation table width #2780	-
Add ca certs and ignore ssl to HTTP Post #2766	〇
unsupported operand type(s) for +=: 'int' and 'NoneType' #2759	〇
support for agg_type percentiles fixes #2713 #2750	〇
Respect disable_rules_on_error flag for connection errors #2707	-
Update Docs for query_key types (compound_query_key)	〇
Typo in example_rules/ssh.yaml #2692	〇
Pin elasticsearch to 7.0.0 in requirements.txt #2684	〇
Add parameter 'smtp_ca_file', fix STARTTLS problem #2681	-
Update elast alert.py #2679	-
Update requirements.txt to match the jira-version of setup.py #2676	〇
Fixing jira version in python3.7 #2673	〇
Jira attach kibana link #2658	-
Update README.md #2655	-
Fix frequency rule #2653	-
Bugfix and better error handling on zabbix alerter #2640	〇
added squadcast to README #2632	-
added squadcast alert source integration #2629	-
Add service monitor ping URL feature #2626	-
Add prometheus metrics #2622	〇
Enabling to embed images into email alerter #2606	〇
Task/show warn false #2604	〇
Add a new rule: find_match #2596
Better thehive integration #2585	-
add spike_aggregation rule mapping #2575	〇	Supported by elastalert 0.2.2
Clarify syntax for multiple fields for query_key #2548	-
Updated requirements.txt to match setup.py version. Missing on #2442.	〇
Enable to select whether to prohibit enhancement from being run on alert information to be written back to ES #2542	-
Update documentation for percentage_format_string and alerta_timeout #2537	-
Add dockerfile linter to pre-commit and clean up Dockerfile #2506	-
Document Use of key in Alert Formatting #2497	-
Adding a timeout to all requests calls #2495	-
Bug: import within import not getting imported #2483	-
Adds two option for more efficient reporting #2435	-
Add Slack Alerts Footer #2433	〇
Add 'opsgenie_alias_kw' feature (and documentation update). #2423	-
Remove the error "Included term may be missing or null" when using metric aggregation on multiple filelds #2410	-
Fix Documentation Build Warnings #2407	-
Add Docs: Elasticsearch Security Privileges #2406	〇
Theoooooo add discord alerter #2379	〇
Add Support for Twilio Copilot #2374	〇
Added Squadcast integration #2361	-
metaIndex control #2348	-
refactor run_query #2345	-
Remove Duplicate Key in Schema YAML #2343	〇
fix ruletypes.rst typo #2342	〇
Fix Writeback Index Prefix in Example Config #2335	-
Add Line Notify Alerter #2290	〇
add opsgenie_addr to docs #2278	〇
Adding Zabbix as supported alert type. #2277	〇
Fix query_string syntax in writing_filters.rst #2272	-
Alerta: Add Customer in Alert Payload #2269	-
Adds writeback_suffix/alias functionality back into code base #2239	-
Fixed the logging property in config.yaml.example #2231	〇
Add Alertmanager alerter #2228	〇
Patch for ElasticSearch 7.x Support #2226	-
Delete multiline code in TG alert #2223	-
VictorOps: Set state_message and entity_display_name from rule #2212	〇
Add Prometheus Metrics #2211	-
meta-rules support added #2180	-
ES6 writeback index fix + extra features #2168	-
Add Praeco to README #2139	-
Fix multiple query_key issue in PercentageMatchRule #2133	〇
Add MISP Alerter #2126	-
adding env var variable expansion for elasticsearch creds #2121	-
Fixes #2110 Logging inconsistencies fixed in alerts.py #2112	〇
Add alert_text_header and alert_text_footer options #2096	-
Fixes FrequencyRule.add_data to run check_for_match on all keys seen #2094	-
Resend update config option #2080	-
corrected spike aggregation support for avg,min,max #2075	〇
Put quotes around aggregate_id search #2038	〇
prevent asterisks from crashing telegram #2009	-
change silence to elastalert_silence #2007	-
Sentry integration #1716	-
Add Dockerfile #1644
Add support for RocketChat #1610	〇
Add chnges in abao plus pin python-dateutil version #1607	-
Add support for AWS SES #1594	〇
Addition of RabbitMQ alert output #1585	-
Docs: Add link to term vs. full text filtering #1562	-
Improve http_alerter (add headers, ignore ssl, basic auth) #1558	-
Support regexs in the blacklist / whitelist #1550	-
Add Alert_Text to ES index, reused existing method from alerts.py #1545	-
Add Flowdock alerter #1505	-
Fix to ChangeRule to allow elastalert to search backwards for the last occurrences #1499	-
Added syslog alerter #1433	-
Adding Spark alerter #1400	-
feature run elastalert in new relic style #1386	-
fix for must_not #1351	-
Description field added to elastalaert events #1339	-
Add dingtalk alert #1206	〇
Set shards and replicas settings for index creation #1201	-
Anomaly detector #1115	-
[Bug] Percentage Calculate is not True , and now recovery it #973	-
Improved test_rule #963	-
Added elastalert_status index timestamping #945	-
Bump requests dependency to 2.13.0 #922	-
ElasticSearch Queries in Rule Types #883	-
resolves #866 : move requirements into setup.py #867	-
Fixing license in setup.py to be the license #834	-
Support python3 & es5 #827	-
Added a REST API to List, Create, and Test rules #656	-
Datacratic #565	-
Add Dockerfile for an Alpine Linux based image. #408	-
Better cardinality rule #323	-
IRC Alert #319	-

---

ElastAlert Pull Request(Close)

title	Has it been merged with elastalert2?	remark
Reduce risk of UUID collision in The Hive #3219	〇
ElastAlert 0.2.5 #3214	〇
Add auto-resolve features #3207	-
Upstream pull #3188	△
Add alert handler to create Datadog Events #3164	〇
Fix the empty compound_query_key value #3017	-
Setting size to 0 avoids executing the fetch phase of the search making the request more efficient #2999	〇
Add support for custom_details in the PagerDuty alerter v2 module #2976	〇
Fix: Mattermost 400 BAD request error #2902	-
add telegram markdown option #2883	-
Batman 2339 - Changes not taking effect after adding new fields in X1 alerts to create ServiceNow tickets. #2853	△	Only impact and urgency have been added with elastalert2
Hack into ElastAlert to bend it for Scrapinghub needs [WIP] #2815	-
Add Zalo Messenger alert type #2619	-

---

ElastAlert Issue

title	Is it solved by ElastAlert2?	remark
getting ResourceWarning: unclosed <socket.socket fd=17, family=AddressFamily.AF_INET #3205
Trying to assign Epic Link to Jira ticket #3108
Elastalert is broken on python3.9 through blist dependency #3092	〇
Elastalert not sending alerts to zabbix #3081	〇
Jira customfield not taking argument #3073
ElastAlert With Office 363 #3062
elastalert with loki #3061
10,000 query hits limit for 'metric_aggregation' rules #3027
use_terms_query does not support multiple query_key #3026
blist no longer works in Python 3.9 #2983	〇
ElasticSearch 7.7 - [bool] failed to parse field [must] #2807
Got an error AttributeError: 'StompConnection11' object has no attribute 'start' with alert type stomp #2731	〇
Got an error with "TypeError: deprecated_search() got an unexpected keyword argument 'headers'" #2725	〇	ElastAlert 2.4.0
doc_type is deprecated and will be removed in ES 8 #2698	〇	ElastAlert 2.4.0
Zabbix alert module error #2621	〇
Zabbix alert #2601	〇
Elastalet fails if alerter type zabbix is used: "ValueError: not enough values to unpack" [bug] #2586	〇
PagerTree not mapped loaders.py #2571	〇
Removal of doc_type #2523	〇	ElastAlert 2.4.0
Line notify is missing #2516	〇
doc_type is no longer supported in ES > 7.x , however use_count_query and use_terms_query still check for it #2424	〇	ElastAlert 2.4.0
Out of Memory #2399