From 1a42831b776d3156e1b2deaecd0e5b96ea177b40 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Tue, 20 Oct 2020 21:10:52 +0300 Subject: [PATCH 01/12] adding support for multiple imports and statsd metrics --- config.yaml.example | 6 ++++++ docs/source/ruletypes.rst | 15 +++++++++++++++ docs/source/running_elastalert.rst | 4 ++++ elastalert/config.py | 4 +++- elastalert/elastalert.py | 18 ++++++++++++++++++ elastalert/loaders.py | 29 +++++++++++++++++++---------- elastalert/schema.yaml | 7 ++++++- requirements.txt | 2 ++ 8 files changed, 73 insertions(+), 12 deletions(-) diff --git a/config.yaml.example b/config.yaml.example index 9d917638..70423de9 100644 --- a/config.yaml.example +++ b/config.yaml.example @@ -30,6 +30,12 @@ es_port: 9200 # Optional URL prefix for Elasticsearch #es_url_prefix: elasticsearch +# Optional prefix for statsd metrics +#statsd_metrics_prefix: elastalert + +# Optional statsd host +#statsd_host: dogstatsd + # Connect with TLS to Elasticsearch #use_ssl: True diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index ff376371..f1aab460 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -40,6 +40,10 @@ Rule Configuration Cheat Sheet +--------------------------------------------------------------+ | | ``es_url_prefix`` (string, no default) | | +--------------------------------------------------------------+ | +| ``statsd_metrics_prefix`` (string, no default) | | ++--------------------------------------------------------------+ | +| ``statsd_host`` (string, no default) | | ++--------------------------------------------------------------+ | | ``es_send_get_body_as`` (string, default "GET") | | +--------------------------------------------------------------+ | | ``aggregation`` (time, no default) | | 
@@ -289,6 +293,17 @@ es_url_prefix ``es_url_prefix``: URL prefix for the Elasticsearch endpoint. (Optional, string, no default) +statsd_metrics_prefix +^^^^^^^^^^^^^ + +``statsd_metrics_prefix``: prefix for statsd metrics. (Optional, string, no default) + + +statsd_host +^^^^^^^^^^^^^ + +``statsd_host``: statsd host. (Optional, string, no default) + es_send_get_body_as ^^^^^^^^^^^^^^^^^^^ diff --git a/docs/source/running_elastalert.rst b/docs/source/running_elastalert.rst index 7fdf1eeb..3f937c40 100644 --- a/docs/source/running_elastalert.rst +++ b/docs/source/running_elastalert.rst @@ -66,6 +66,10 @@ Next, open up config.yaml.example. In it, you will find several configuration op ``es_url_prefix``: Optional; URL prefix for the Elasticsearch endpoint. +``statsd_metrics_prefix``: Optional; prefix for statsd metrics. + +``statsd_host``: Optional; statsd host. + ``es_send_get_body_as``: Optional; Method for querying Elasticsearch - ``GET``, ``POST`` or ``source``. The default is ``GET`` ``writeback_index`` is the name of the index in which ElastAlert will store data. We will create this index later. diff --git a/elastalert/config.py b/elastalert/config.py index 5ae9a26e..fe26fb39 100644 --- a/elastalert/config.py +++ b/elastalert/config.py @@ -20,7 +20,9 @@ 'ES_USERNAME': 'es_username', 'ES_HOST': 'es_host', 'ES_PORT': 'es_port', - 'ES_URL_PREFIX': 'es_url_prefix'} + 'ES_URL_PREFIX': 'es_url_prefix', + 'STATSD_METRICS_PREFIX': 'statsd_metrics_prefix', + 'STATSD_HOST': 'statsd_host'} env = Env(ES_USE_SSL=bool) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index b078c86d..6eb160d1 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -16,6 +16,8 @@ from smtplib import SMTP from smtplib import SMTPException from socket import error +import statsd + import dateutil.tz import pytz 
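Review bot: In the elastalert/elastalert.py import hunk, `import statsd` is added at module level directly after `from socket import error`, so it sits in the standard-library group and is unconditional. With a top-level import the process fails to start when the package is missing even if `statsd_host` is never set, and in this series setup.py does not list the dependency until patch 11. Moving the line next to `import pytz`, or importing inside the branch of `__init__` that builds the client, would keep the metrics feature optional.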
@@ -163,6 +165,14 @@ def __init__(self, args): self.thread_data.num_dupes = 0 self.scheduler = BackgroundScheduler() self.string_multi_field_name = self.conf.get('string_multi_field_name', False) + self.statsd_prefix = os.environ.get('statsd_metrics_prefix', '') + self.statsd_host = os.environ.get('statsd_host', '') + if self.statsd_host and len(self.statsd_host) > 0: + self.statsd = statsd.StatsClient(host=self.statsd_host, + port=8125, + prefix=self.statsd_prefix) + else: + self.statsd = None self.add_metadata_alert = self.conf.get('add_metadata_alert', False) self.show_disabled_rules = self.conf.get('show_disabled_rules', True) @@ -1279,6 +1289,14 @@ def handle_rule_execution(self, rule): " %s alerts sent" % (rule['name'], old_starttime, pretty_ts(endtime, rule.get('use_local_time')), self.thread_data.num_hits, self.thread_data.num_dupes, num_matches, self.thread_data.alerts_sent)) + rule_duration = seconds(endtime - rule.get('original_starttime')) + elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) + if self.statsd: + self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"rule_name": rule['name']}) + self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"rule_name": rule['name']}) + self.statsd.gauge('query.matches', num_matches, tags={"rule_name": rule['name']}) + self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"rule_name": rule['name']}) + self.thread_data.alerts_sent = 0 if next_run < datetime.datetime.utcnow(): diff --git a/elastalert/loaders.py b/elastalert/loaders.py index 77119476..24a1cca6 100644 --- a/elastalert/loaders.py +++ b/elastalert/loaders.py @@ -193,6 +193,7 @@ def load_yaml(self, filename): } self.import_rules.pop(filename, None) # clear `filename` dependency + files_to_import = [] while True: loaded = self.get_yaml(filename) 
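Review bot: The StatsClient built in `__init__` always uses `port=8125`; the series adds a host setting but no port setting, so a collector listening elsewhere cannot be reached, and the same constant is kept when patch 02 rewrites this block. Reading it the same way as the host, for example `port=self.conf.get('statsd_port', 8125)` (`statsd_port` would be a new key and needs a docs entry), covers that. The guard `if self.statsd_host and len(self.statsd_host) > 0:` can be just `if self.statsd_host:`. The client is constructed during start-up with no error handling, so if the library resolves the host in its constructor (not visible here) a mistyped `statsd_host` would stop ElastAlert from starting; worth confirming and, if so, logging the error and continuing with `self.statsd = None`. `__init__` starts and ends outside the hunk.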
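Review bot: `rule_duration = seconds(endtime - rule.get('original_starttime'))` in `handle_rule_execution` raises TypeError when the rule has no `original_starttime`, because `.get()` then returns None and the subtraction fails. Whether that key is always set by this point is not visible in the hunk, and the line stays outside the `try` that patch 06 later puts around the gauge calls, so a failure here would abort the rest of the function for what is only a log line. Guarding it, e.g. `start = rule.get('original_starttime')` followed by `if start is not None:` before the log call, avoids that. The function body continues outside the hunk.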
@@ -203,14 +204,16 @@ def load_yaml(self, filename): loaded.update(rule) rule = loaded if 'import' in rule: - # Find the path of the next file. - import_filename = self.get_import_rule(rule) - # set dependencies + # add all of the files to load into the load queue + files_to_import += self.get_import_rule(rule) + del (rule['import']) # or we could go on forever! + if len(files_to_import) > 0: + # set the next file to load + next_file_to_import = files_to_import.pop() rules = self.import_rules.get(filename, []) - rules.append(import_filename) + rules.append(next_file_to_import) self.import_rules[filename] = rules - filename = import_filename - del (rule['import']) # or we could go on forever! + filename = next_file_to_import else: break @@ -534,10 +537,16 @@ def get_import_rule(self, rule): :return: Path the import rule :rtype: str """ - if os.path.isabs(rule['import']): - return rule['import'] - else: - return os.path.join(os.path.dirname(rule['rule_file']), rule['import']) + rule_imports = rule['import'] + if type(rule_imports) is str: + rule_imports = [rule_imports] + expanded_imports = [] + for rule_import in rule_imports: + if os.path.isabs(rule_import): + expanded_imports.append(rule_import) + else: + expanded_imports.append(os.path.join(os.path.dirname(rule['rule_file']), rule_import)) + return expanded_imports def get_rule_file_hash(self, rule_file): rule_file_hash = '' diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index 1241315d..c9f76521 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -181,7 +181,12 @@ properties: use_strftime_index: {type: boolean} # Optional Settings - import: {type: string} + import: + anyOf: + - type: array + items: + type: string + - type: string aggregation: *timeframe realert: *timeframe exponential_realert: *timeframe diff --git a/requirements.txt b/requirements.txt index 9c32052d..c3a03f04 100644 --- a/requirements.txt +++ b/requirements.txt 
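Review bot: `files_to_import.pop()` in the `load_yaml` loop takes the last queued file, so for `import: [a, b]` the loader reads `b` before `a`, and because each newly loaded file is overlaid with what was already collected (`loaded.update(rule)`), `b` silently wins over `a` on conflicting keys. Either document that later entries take precedence or use `files_to_import.pop(0)` so that list order is precedence order. The dependency list is keyed by the previously loaded file (`self.import_rules.get(filename, [])` runs after `filename` has been reassigned), so a rule's second import is recorded under its sibling rather than under the rule; how `import_rules` is consumed is not visible here, so this needs checking against the reload logic. Nothing in the loop remembers files already loaded, so two files that import each other keep the queue non-empty forever; a `seen` set checked before queueing would turn that into a clear error. The loop begins above the hunk.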
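Review bot: The docstring of `get_import_rule` still ends with `:return: Path the import rule` and `:rtype: str`, but the new body always returns a list of paths. It should read `:return: Paths of the imported files` and `:rtype: list[str]`, and the summary should say that `rule['import']` may be a string or a list of strings. `if type(rule_imports) is str:` is better written `if isinstance(rule_imports, str):`. Each entry is used as given when absolute and otherwise joined to the rule file's directory, so imports are not confined to the rules directory; if rule files can come from less trusted authors, that is worth stating in the docstring. The signature and the top of the docstring are above the hunk.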
@@ -20,3 +20,5 @@ requests>=2.0.0 stomp.py>=4.1.17 texttable>=0.8.8 twilio==6.0.0 +statsd==3.3.0 +statsd-tags==3.2.1 From 8f9cf3035e56012f7a0c2cde9fe89b18f28d7f0a Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 21 Oct 2020 11:16:12 +0300 Subject: [PATCH 02/12] fixing statsd reporting --- config.yaml.example | 2 +- docs/source/ruletypes.rst | 6 +++--- docs/source/running_elastalert.rst | 2 +- elastalert/config.py | 2 +- elastalert/elastalert.py | 16 +++++++--------- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/config.yaml.example b/config.yaml.example index 70423de9..958e40a8 100644 --- a/config.yaml.example +++ b/config.yaml.example @@ -31,7 +31,7 @@ es_port: 9200 #es_url_prefix: elasticsearch # Optional prefix for statsd metrics -#statsd_metrics_prefix: elastalert +#statsd_instance_tag: elastalert # Optional statsd host #statsd_host: dogstatsd diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index f1aab460..bb3a58f6 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -40,7 +40,7 @@ Rule Configuration Cheat Sheet +--------------------------------------------------------------+ | | ``es_url_prefix`` (string, no default) | | +--------------------------------------------------------------+ | -| ``statsd_metrics_prefix`` (string, no default) | | +| ``statsd_instance_tag`` (string, no default) | | +--------------------------------------------------------------+ | | ``statsd_host`` (string, no default) | | +--------------------------------------------------------------+ | @@ -293,10 +293,10 @@ es_url_prefix ``es_url_prefix``: URL prefix for the Elasticsearch endpoint. (Optional, string, no default) -statsd_metrics_prefix +statsd_instance_tag ^^^^^^^^^^^^^ -``statsd_metrics_prefix``: prefix for statsd metrics. (Optional, string, no default) +``statsd_instance_tag``: prefix for statsd metrics. (Optional, string, no default) statsd_host 
diff --git a/docs/source/running_elastalert.rst b/docs/source/running_elastalert.rst index 3f937c40..8c87d875 100644 --- a/docs/source/running_elastalert.rst +++ b/docs/source/running_elastalert.rst @@ -66,7 +66,7 @@ Next, open up config.yaml.example. In it, you will find several configuration op ``es_url_prefix``: Optional; URL prefix for the Elasticsearch endpoint. -``statsd_metrics_prefix``: Optional; prefix for statsd metrics. +``statsd_instance_tag``: Optional; prefix for statsd metrics. ``statsd_host``: Optional; statsd host. diff --git a/elastalert/config.py b/elastalert/config.py index fe26fb39..87c51777 100644 --- a/elastalert/config.py +++ b/elastalert/config.py @@ -21,7 +21,7 @@ 'ES_HOST': 'es_host', 'ES_PORT': 'es_port', 'ES_URL_PREFIX': 'es_url_prefix', - 'STATSD_METRICS_PREFIX': 'statsd_metrics_prefix', + 'STATSD_INSTANCE_TAG': 'statsd_instance_tag', 'STATSD_HOST': 'statsd_host'} env = Env(ES_USE_SSL=bool) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 6eb160d1..541df181 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -165,12 +165,10 @@ def __init__(self, args): self.thread_data.num_dupes = 0 self.scheduler = BackgroundScheduler() self.string_multi_field_name = self.conf.get('string_multi_field_name', False) - self.statsd_prefix = os.environ.get('statsd_metrics_prefix', '') - self.statsd_host = os.environ.get('statsd_host', '') + self.statsd_instance_tag = self.conf.get('statsd_instance_tag', '') + self.statsd_host = self.conf.get('statsd_host', '') if self.statsd_host and len(self.statsd_host) > 0: - self.statsd = statsd.StatsClient(host=self.statsd_host, - port=8125, - prefix=self.statsd_prefix) + self.statsd = statsd.StatsClient(host=self.statsd_host, port=8125) else: self.statsd = None self.add_metadata_alert = self.conf.get('add_metadata_alert', False) 
@@ -1292,10 +1290,10 @@ def handle_rule_execution(self, rule): rule_duration = seconds(endtime - rule.get('original_starttime')) elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) if self.statsd: - self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"rule_name": rule['name']}) - self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"rule_name": rule['name']}) - self.statsd.gauge('query.matches', num_matches, tags={"rule_name": rule['name']}) - self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"rule_name": rule['name']}) + self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"elastalert_instance": self.statsd_instance_tag"rule_name": rule['name']}) + self.statsd.gauge('query.matches', num_matches, tags={"elastalert_instance": self.statsd_instance_tag"rule_name": rule['name']}) + self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"elastalert_instance": self.statsd_instance_tag"rule_name": rule['name']}) self.thread_data.alerts_sent = 0 From a7a0993a22b305a5235a0f734247f08473fdfe8c Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 21 Oct 2020 11:22:04 +0300 Subject: [PATCH 03/12] fixing statsd reporting --- elastalert/elastalert.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 541df181..950ed503 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1291,9 +1291,9 @@ def handle_rule_execution(self, rule): elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) if self.statsd: self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"elastalert_instance": self.statsd_instance_tag"rule_name": rule['name']}) - self.statsd.gauge('query.matches', num_matches, tags={"elastalert_instance": self.statsd_instance_tag"rule_name": rule['name']}) - self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"elastalert_instance": self.statsd_instance_tag"rule_name": rule['name']}) + self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge('query.matches', num_matches, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) self.thread_data.alerts_sent = 0 From be1ee8b1b51130e7c4b51a6c1685faf3855daf28 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 21 Oct 2020 11:34:38 +0300 Subject: [PATCH 04/12] fixing statsd reporting --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index c3a03f04..3d4f788a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,4 +21,4 @@ stomp.py>=4.1.17 texttable>=0.8.8 twilio==6.0.0 statsd==3.3.0 -statsd-tags==3.2.1 +statsd-telegraf==3.2.1 From efcbbc39b74bc767662ac97089ced2e0b1bb21f5 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 21 Oct 2020 11:39:50 +0300 Subject: [PATCH 05/12] fixing statsd reporting --- requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/requirements.txt b/requirements.txt index 3d4f788a..78d08580 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,5 +20,4 @@ requests>=2.0.0 stomp.py>=4.1.17 texttable>=0.8.8 twilio==6.0.0 -statsd==3.3.0 -statsd-telegraf==3.2.1 +statsd-telegraf==3.2.1.post1 From c69f9adcf57a49f9b7aad36d04cfa471d5e3972c Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 21 Oct 2020 11:41:41 +0300 Subject: [PATCH 06/12] fixing statsd reporting --- elastalert/elastalert.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index 950ed503..efec4652 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py 
@@ -1290,10 +1290,13 @@ def handle_rule_execution(self, rule): rule_duration = seconds(endtime - rule.get('original_starttime')) elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) if self.statsd: - self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('query.matches', num_matches, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + try: + self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge('query.matches', num_matches, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + except BaseException as e: + elastalert_logger.error("unable to send metrics:\n%s" % str(e)) self.thread_data.alerts_sent = 0 From a972cb4ae57f48367e3d5bf43a789ee2816cca25 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Wed, 21 Oct 2020 12:01:44 +0300 Subject: [PATCH 07/12] fixing statsd reporting --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 78d08580..54978e02 100644 --- a/requirements.txt +++ b/requirements.txt 
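Review bot: `except BaseException as e:` around the gauge calls also catches KeyboardInterrupt and SystemExit, so a shutdown request that arrives while metrics are being sent is logged as a metrics failure and swallowed. `except Exception:` is wide enough for a best-effort metrics path. Replacing the log call with `elastalert_logger.exception("unable to send metrics")` would keep the traceback, which `str(e)` drops. The enclosing `handle_rule_execution` starts and ends outside the hunk.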
@@ -20,4 +20,4 @@ requests>=2.0.0 stomp.py>=4.1.17 texttable>=0.8.8 twilio==6.0.0 -statsd-telegraf==3.2.1.post1 +statsd-tags==3.2.1.post1 From 5293cada4e9338dcfc22417dcae52460d1705360 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Sun, 17 Jan 2021 10:33:56 +0200 Subject: [PATCH 08/12] adjusting indentation --- elastalert/elastalert.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py index efec4652..f1e1d6b7 100755 --- a/elastalert/elastalert.py +++ b/elastalert/elastalert.py @@ -1291,10 +1291,18 @@ def handle_rule_execution(self, rule): elastalert_logger.info("%s range %s" % (rule['name'], rule_duration)) if self.statsd: try: - self.statsd.gauge('query.hits', self.thread_data.num_hits, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes,tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('query.matches', num_matches, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) - self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge( + 'query.hits', self.thread_data.num_hits, + tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge( + 'already_seen.hits', self.thread_data.num_dupes, + tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge( + 'query.matches', num_matches, + tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) + self.statsd.gauge( + 'query.alerts_sent', self.thread_data.alerts_sent, + tags={"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}) except BaseException as e: elastalert_logger.error("unable to send metrics:\n%s" % str(e)) 
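Review bot: The reformatted gauge calls in elastalert/elastalert.py still build the same two-key `tags` dict four times; building it once before the `try` keeps each call on one line and makes a later tag change a single edit. `rule['name']` goes into the tag value exactly as written in the rule file; whether the client escapes characters that act as separators in the statsd line format is not visible here, so it is worth a test with a rule name that contains `,` or `:`. The enclosing function starts and ends outside the hunk.

```python
if self.statsd:
    # Build the tag set once; every gauge for this run shares it.
    metric_tags = {"elastalert_instance": self.statsd_instance_tag, "rule_name": rule['name']}
    try:
        self.statsd.gauge('query.hits', self.thread_data.num_hits, tags=metric_tags)
        self.statsd.gauge('already_seen.hits', self.thread_data.num_dupes, tags=metric_tags)
        self.statsd.gauge('query.matches', num_matches, tags=metric_tags)
        self.statsd.gauge('query.alerts_sent', self.thread_data.alerts_sent, tags=metric_tags)
    # … unchanged: except handler that logs the failure …
```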
From d3f2658473f6a1b0246c607f8872e3dad23743aa Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Sun, 17 Jan 2021 10:41:09 +0200 Subject: [PATCH 09/12] adjusting indentation --- docs/source/ruletypes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index bb3a58f6..8e7f4a36 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -40,7 +40,7 @@ Rule Configuration Cheat Sheet +--------------------------------------------------------------+ | | ``es_url_prefix`` (string, no default) | | +--------------------------------------------------------------+ | -| ``statsd_instance_tag`` (string, no default) | | +| ``statsd_instance_tag`` (string, no default) | | +--------------------------------------------------------------+ | | ``statsd_host`` (string, no default) | | +--------------------------------------------------------------+ | From 283f379a682ed4ea5539888de5001b741669eea9 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Sun, 17 Jan 2021 10:45:16 +0200 Subject: [PATCH 10/12] fixing underline --- docs/source/ruletypes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 8e7f4a36..bb6ca2b4 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -294,7 +294,7 @@ es_url_prefix ``es_url_prefix``: URL prefix for the Elasticsearch endpoint. (Optional, string, no default) statsd_instance_tag -^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^ ``statsd_instance_tag``: prefix for statsd metrics. (Optional, string, no default) From ad198da149c5057ae29ceff208345ff46e864917 Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Sun, 17 Jan 2021 16:46:39 +0200 Subject: [PATCH 11/12] adding statsd to setup.py --- setup.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 2845836a..35d1eb34 100644 --- a/setup.py +++ b/setup.py 
@@ -47,6 +47,7 @@ 'stomp.py>=4.1.17', 'texttable>=0.8.8', 'twilio>=6.0.0,<6.1', - 'cffi>=1.11.5' + 'cffi>=1.11.5', + 'statsd-tags==3.2.1.post1' ] ) From cef5e2b328458933a08b97903b30110ade7ae75c Mon Sep 17 00:00:00 2001 From: Elad Amit Date: Sat, 24 Apr 2021 20:08:45 +0300 Subject: [PATCH 12/12] updated the import directive docs --- docs/source/ruletypes.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index bb6ca2b4..2e26b0ca 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -249,8 +249,8 @@ import ``import``: If specified includes all the settings from this yaml file. This allows common config options to be shared. Note that imported files that aren't complete rules should not have a ``.yml`` or ``.yaml`` suffix so that ElastAlert doesn't treat them as rules. Filters in imported files are merged (ANDed) -with any filters in the rule. You can only have one import per rule, though the imported file can import another file, recursively. The filename -can be an absolute path or relative to the rules directory. (Optional, string, no default) +with any filters in the rule. You can only have one import per rule, though the imported file can import another file or multiple files, recursively. +The filename can be an absolute path or relative to the rules directory. (Optional, string or array of strings, no default) use_ssl ^^^^^^^
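Review bot: `'statsd-tags==3.2.1.post1'` in setup.py is an exact pin where the visible neighbouring entries use ranges, and it names a distribution that the code imports as `statsd`. The series moved between `statsd`, `statsd-tags` and `statsd-telegraf` in requirements.txt before settling here, which suggests these distributions provide the same `statsd` module; if so, an environment that also has the upstream `statsd` package installed may import a client without `tags=` support, and every gauge call would then end up in the error log. A comment beside the entry that records why this distribution is needed, e.g. `# provides the statsd module with tags= support; do not install alongside statsd`, would save the next maintainer from repeating that search.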