run_every on frequency base #422
Hi, I have this rule:

```yaml
---
name: Unexpected Container State
type: frequency
timeframe:
  minutes: 5
num_events: 1
filter:
- term:
    "kubernetes.container.status.reason": "CrashLoopBackOff"
...
```

I created a container which is constantly crashing to trigger the alert. Although, I was expecting the alert to trigger every 5 minutes. Looks like I got that wrong. Is there any way of doing this without using the Also, ideally it would trigger in the minute if something happens and then alert every 5 minutes. But I could do if it was just checking every 5 minutes.
Replies: 1 comment
You can override the global `run_every` setting in each rule, so if you want to check rule every 5 minutes, but your global run_every is set to something higher, then add that config param to this rule's yaml.

For the "only alert once every 5 minutes", read up on the realert config parameter: https://elastalert2.readthedocs.io/en/latest/ruletypes.html?highlight=realert#realert. That's exactly why that param exists, and it too can be introduced into the rule yaml to override a global setting.
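
The two per-rule overrides described in the reply, applied to the rule from the question. This is an added example, not part of the original thread or the project's own configuration; the `index` pattern, the `query_key` field name and the `debug` alerter are assumptions to replace with your own values.

```yaml
name: Unexpected Container State
type: frequency
index: "metricbeat-*"        # assumption: placeholder index pattern
timeframe:
  minutes: 5
num_events: 1
filter:
- term:
    "kubernetes.container.status.reason": "CrashLoopBackOff"

# Per-rule override of the global run_every: query every minute so the
# first match is picked up within about a minute. Use "minutes: 5" here
# if checking only every 5 minutes is enough.
run_every:
  minutes: 1

# After an alert fires, suppress repeat alerts for the next 5 minutes,
# so a container that keeps crashing alerts roughly once per 5 minutes.
realert:
  minutes: 5

# realert is tracked per query_key value, so one crashing pod does not
# silence alerts for a different pod during the suppression window.
# Assumption: the field name depends on your own index mapping.
query_key: kubernetes.pod.name

alert:
- debug                      # assumption: swap in your real alerter
```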