Elastalert parsing exception #1553

Closed Answered by jertel
ngms17 asked this question in Q&A
Oct 15, 2024 · 1 comments · 4 replies

If you're talking about showing the time in an alert text subject or body, then perhaps your TimeEnhancement should be copying the @timestamp field into a new field named "local_timestamp", so it doesn't touch the original timestamp. Then reference that new field in your formatted alert message.
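The approach described in the answer above, as an added example that is not code posted in this discussion or taken from the ElastAlert project: an enhancement that writes a display copy of the time into `local_timestamp` and leaves `@timestamp` as it was. The class name, the module path in the comment and the `local_utc_offset_hours` rule option are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

try:
    from elastalert.enhancements import BaseEnhancement
except ImportError:
    # Stand-in with the same interface so the example runs without ElastAlert.
    class BaseEnhancement:
        def __init__(self, rule):
            self.rule = rule

# Rule file wiring (module path is hypothetical):
#   match_enhancements:
#     - "elastalert_modules.local_time.LocalTimestampEnhancement"
#   alert_text: "Event seen at {0}"
#   alert_text_args: ["local_timestamp"]


def to_local(value, tz):
    """Render a datetime or ISO 8601 string in tz; naive values are assumed UTC."""
    if isinstance(value, datetime):
        dt = value
    else:
        dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(tz).strftime("%Y-%m-%d %H:%M:%S %z")


class LocalTimestampEnhancement(BaseEnhancement):
    """Hypothetical enhancement: adds local_timestamp, never rewrites @timestamp."""

    def process(self, match):
        raw = match.get("@timestamp")
        if raw is None:
            return
        # local_utc_offset_hours is a made-up rule option for this example.
        tz = timezone(timedelta(hours=self.rule.get("local_utc_offset_hours", 0)))
        try:
            match["local_timestamp"] = to_local(raw, tz)
        except ValueError:
            pass  # unparseable source value: leave the match as it was


# Constructed sample match, shaped like an Elasticsearch hit.
sample = {"@timestamp": "2024-10-15T08:30:00.000Z", "host": "web-01"}
LocalTimestampEnhancement({"local_utc_offset_hours": 2}).process(sample)
```

After `process` runs, `sample` carries both fields: the untouched ISO 8601 `@timestamp` and the formatted `local_timestamp` for use in the alert text.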
