Skip to content
/ elastalert-configuring Public

ElastAlert daemonizing and some rules for filebeat and metricbeat

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

orsinium-labs/elastalert-configuring

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
rules
rules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
elastalert.service
elastalert.service
 
 
elastalert.yml
elastalert.yml
 
 

Repository files navigation

ElastAlert configuring

Installation

  1. Install ElastAlert into Python 2.7: 
    pip install elastalert
  2. Create dirs for configs: 
    mkdir -p /etc/elastalert/rules
  3. Place elastalert.yml into /etc/elastalert
  4. Place elastalert.service into /lib/systemd/system/.
  5. Create indices into ElasticSearch: 
    elastalert-create-index --config /etc/elastalert/elastalert.yml
  6. Create some rules.
  7. Test rules: 
    elastalert-test-rule --config /etc/elastalert/elastalert.yml /etc/elastalert/rules/*.yml
  8. Run service: 
    systemctl daemon-reload                 # update configs
systemctl enable elastalert.service     # auto run on startup
systemctl start elastalert.service      # run
systemctl status elastalert.service     # check status

If you're add or modify rules you don't need restart daemon. ElastAlert reread all rules on each check.

References

  1. Rules examples
  2. Documentation
  3. Daemonizing

About

ElastAlert daemonizing and some rules for filebeat and metricbeat

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published