Merge pull request #234 from ferozsalam/refactor-running-instructions

Refactor running instructions

README.md

@@ -7,6 +7,13 @@ ElastAlert 2 is backwards compatible with the original ElastAlert rules.
 
 ![CI Workflow](https://github.com/jertel/elastalert/workflows/master_build_test/badge.svg)
 
+## Docker and Kubernetes
+
+ElastAlert 2 is well-suited to being run as a microservice, and is available
+as a [Docker container][2]. A [Helm chart][7] is also maintained for easy
+configuration as a Kubernetes deployment. For more instructions on how to
+configure and run ElastAlert 2 in this way, see [here][8].
+
 ## Documentation
 
 Documentation, including an FAQ, for ElastAlert 2 can be found on [readthedocs.com][3]. This is the place to start if you're not familiar with ElastAlert 2 at all.
@@ -17,28 +24,6 @@ The full list of platforms that ElastAlert 2 can fire alerts into can be found [
 
 Please see our [contributing guidelines][6].
 
-## Docker
-
-If you're interested in a pre-built Docker image check out the [elastalert2][2] project on Docker Hub.
-
-Be aware that the `latest` tag of the image represents the latest commit into the master branch. If you prefer to upgrade more slowly you will need utilize a versioned tag, such as `2.1.0` instead, or `2` if you are comfortable with always using the latest released version of ElastAlert 2.
-
-A properly configured config.yaml file must be mounted into the container during startup of the container. Use the [example file][1] provided as a template, and once saved locally to a file such as `/tmp/elastalert.yaml`, run the container as follows:
-
-```bash
-docker run -d -v /tmp/elastalert.yaml:/opt/elastalert/config.yaml jertel/elastalert2
-```
-
-To build the image locally run the following command:
-
-```bash
-docker build . -t elastalert2
-```
-
-## Kubernetes
-
-See the Helm chart [README.md][7] for information on installing this application into an existing Kubernetes cluster.
-
 ## License
 
 ElastAlert 2 is licensed under the [Apache License, Version 2.0][5].
@@ -50,4 +35,5 @@ ElastAlert 2 is licensed under the [Apache License, Version 2.0][5].
 [4]: https://elastalert2.readthedocs.io/en/latest/ruletypes.html#alerts
 [5]: https://www.apache.org/licenses/LICENSE-2.0
 [6]: https://github.com/jertel/elastalert2/blob/master/CONTRIBUTING.md
-[7]: https://github.com/jertel/elastalert2/tree/master/chart/elastalert2
+[7]: https://github.com/jertel/elastalert2/tree/master/chart/elastalert2
+[8]: https://elastalert2.readthedocs.io/en/latest/running_elastalert.html

docs/source/elastalert.rst

@@ -244,50 +244,3 @@ adjust the logging format.
 
 For details, see the end of ``config.yaml.example`` where you can find an example logging
 configuration.
-
-
-.. _runningelastalert:
-
-Running ElastAlert
-==================
-
-``$ python elastalert/elastalert.py``
-
-Several arguments are available when running ElastAlert:
-
-``--config`` will specify the configuration file to use. The default is ``config.yaml``.
-
-``--debug`` will run ElastAlert in debug mode. This will increase the logging verboseness, change
-all alerts to ``DebugAlerter``, which prints alerts and suppresses their normal action, and skips writing
-search and alert metadata back to Elasticsearch. Not compatible with `--verbose`.
-
-``--verbose`` will increase the logging verboseness, which allows you to see information about the state
-of queries. Not compatible with `--debug`.
-
-``--start <timestamp>`` will force ElastAlert to begin querying from the given time, instead of the default,
-querying from the present. The timestamp should be ISO8601, e.g.  ``YYYY-MM-DDTHH:MM:SS`` (UTC) or with timezone
-``YYYY-MM-DDTHH:MM:SS-08:00`` (PST). Note that if querying over a large date range, no alerts will be
-sent until that rule has finished querying over the entire time period. To force querying from the current time, use "NOW".
-
-``--end <timestamp>`` will cause ElastAlert to stop querying at the specified timestamp. By default, ElastAlert
-will periodically query until the present indefinitely.
-
-``--rule <rule.yaml>`` will only run the given rule. The rule file may be a complete file path or a filename in ``rules_folder``
-or its subdirectories.
-
-``--silence <unit>=<number>`` will silence the alerts for a given rule for a period of time. The rule must be specified using
-``--rule``. <unit> is one of days, weeks, hours, minutes or seconds. <number> is an integer. For example,
-``--rule noisy_rule.yaml --silence hours=4`` will stop noisy_rule from generating any alerts for 4 hours.
-
-``--es_debug`` will enable logging for all queries made to Elasticsearch.
-
-``--es_debug_trace <trace.log>`` will enable logging curl commands for all queries made to Elasticsearch to the
-specified log file. ``--es_debug_trace`` is passed through to `elasticsearch.py
-<http://elasticsearch-py.readthedocs.io/en/master/index.html#logging>`_ which logs `localhost:9200`
-instead of the actual ``es_host``:``es_port``.
-
-``--end <timestamp>`` will force ElastAlert to stop querying after the given time, instead of the default,
-querying to the present time. This really only makes sense when running standalone. The timestamp is formatted
-as ``YYYY-MM-DDTHH:MM:SS`` (UTC) or with timezone ``YYYY-MM-DDTHH:MM:SS-XX:00`` (UTC-XX).
-
-``--pin_rules`` will stop ElastAlert from loading, reloading or removing rules based on changes to their config files.

docs/source/elastalert_status.rst

@@ -67,4 +67,4 @@ an alert with ``realert`` is triggered, a ``silence`` record will be written wit
   be 0 unless ``exponential_realert`` is set.
 
 Whenever an alert is triggered, ElastAlert will check for a matching ``silence`` document, and if the ``until`` timestamp is in the future, it will ignore
-the alert completely. See the :ref:`Running ElastAlert <runningelastalert>` section for information on how to silence an alert.
+the alert completely. See the :ref:`Running ElastAlert <elastalert-arguments>` section for information on how to silence an alert.