-
This issue is stale because it has been open for 6 months with no activity. Stale issues convey that the issue, while important to someone, is not critical enough for the author, or other community members to work on, sponsor, or otherwise shepherd the issue through to a resolution.
-
Suppose the following scenario:
At startup, Elastalert will query the whole timeframe (= 2h), from 5.50 to 7.50 AM and fill in the current window. However, the reference window will be empty. This means that an alert will not be triggered at 7.55 AM...
Do you agree that such an issue might happen?
A way should be found to fill in both the reference window and the current window when Elastalert is restarted. This could be done by adapting the definition of the SpikeRule.timeframe to be equal to half of the rule["timeframe"].