Merge pull request #1320 from jertel/jertel/flkey

Clarify use of flatline query_key values in alerts
jertel · Nov 28, 2023 · 7e60c67 · 7e60c67
2 parents d8ac134 + 2ec7bc1
commit 7e60c67
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@
 
 ## Other changes
 - Update setup.py & requirements.txt & requirements-dev.txt - [#1316](https://github.com/jertel/elastalert2/pull/1316) - @nsano-rururu
+- [Docs] Clarify how to reference query_key values in flatline alerts - [#1320](https://github.com/jertel/elastalert2/pull/1320) - @jertel
 
 # 2.15.0
 

diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
@@ -1411,7 +1411,7 @@ default 50, unique terms.
 ``terms_size``: When used with ``use_terms_query``, this is the maximum number of terms returned per query. Default is 50.
 
 ``query_key``: With flatline rule, ``query_key`` means that an alert will be triggered if any value of ``query_key`` has been seen at least once
-and then falls below the threshold.
+and then falls below the threshold. To reference the query_key value within a flatline alert message, use ``key`` as the field name.
 
 ``forget_keys``: Only valid when used with ``query_key``. If this is set to true, ElastAlert 2 will "forget" about the ``query_key`` value that
 triggers an alert, therefore preventing any more alerts for it until it's seen again.