Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Build Status



Simple alerting application. It was inspired by elastalert and Jenkins pipelines. The goal is to provide users with more sophisticated rule system.

Why l3rt?

  • Zero-dependency. No additional database required.
  • Infrastructure-as-code friendly. Manage your rules as regular files
  • Infinite flexibility in rule configuration
  • Built-in web UI playground

Request a feature

Feature Requests

Currently, l3rt supports the following sources as an input:

Supported outputs:

Supported rules:

  • ElasticSearch: queryString rule - returns messages matched by a query string
  • ElasticSearch: query rule - free-form rule that is fully managed by ElasticSearch's search query
  • ElasticSearch: count rule - returns number of events occurred for the given period of time (or multiple periods)
  • Missing yours? Add a feature request or submit a pull request


You can use a web UI to create and debug your rules. Just start L3rt and go to http://localhost:8080/


How to use

Create a config file where you need to specify common configuration for all your rules:

  "sources": [
    {"url": "elasticSearch:http://localhost:9200"}
  "targetSettings": {
    "mailServer": {
      "host": "",
      "port": "465",
      "auth":  true,
      "username": "",
      "password": "password"

You can find more info about config here.

Create your rule. All rules are groovy based DSLs, so you can use all power of groovy in your rules.


rule {
    ruleName = "myTestRule"
    params = [
            index: "logstash-*",
            queryString: "message:Error"

    reaction { messages ->
        messages.each {
            if ("Critical")) {
                email("", "Error",
                hipchat("Room with logs",, "RED", true)
            } else {
                hipchat("Room with logs",, "YELLOW", true)

Build & Launch

Development mode

You need:

  • Java >=8
  • Node ~v8.*.*
  • Npm
  1. Launch lert.Application as a plain java application with optional parameters:
  • -Dlogback.configurationFile=logback-dev.xml - dev logger config
  • -Dconfig.file=~/l3rt/conf.json - specifies the config location
  • -Drules=~/l3rt/rules/ - specifies a folder with rules if this parameter hasn't been defined in the config
  1. Launch client side


  1. Build ./gradlew application:jar

  2. Run java -Dconfig.file=/l3rt/config/config.json -Drules=/l3rt/rules/ -jar ./application/build/libs/l3rt-1.6.0.jar

NOTE: l3rt requires >= Java 8 and Docker

Via Docker

Create your config file ~/conf.json on your local machine. Then start it as follows:

docker run -it -v ~/conf.json:/l3rt/config/config.json -p 8080:8080 dimafeng/l3rt:1.6.0

Optionally you can specify location of your rules -v ~/rules:/l3rt/rules.

Go to http://localhost:8080 and play with L3rt!



This project is in heavy development stage so all contributions are appreciated.

Special thanks