writing rules by using aggregation of a field #99
Have you looked at the example_spike.yaml file yet?
I want to write an ElastAlert rule for when there is a spike in any particular user's activity, i.e., say user xyz logs in 20 times a day on average, but on some days, if he crosses double the average, there should be an alert.
Please help me write this rule. I'm very new to ElastAlert.
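A sketch of a per-user spike rule for the case asked about above, added here as an example and not taken from the thread or from the project's example_spike.yaml. The index pattern, the `event_type` and `username` field names, and the e-mail address are assumptions. Note that the `spike` type compares the current window with the window immediately before it, not with a long-run average.

```yaml
# Added example: ElastAlert spike rule with one counter per user.
# Index, field names and recipient are assumptions; adapt them to your data.
name: per-user-login-spike
type: spike
index: auth-logs-*              # assumed index pattern

# Count only login events (assumed field and value).
filter:
- term:
    event_type: "login"

# Keep a separate event count for every distinct value of this field,
# so one user's spike is not hidden by everyone else's normal volume.
# Use a non-analyzed (keyword) field here.
query_key: username             # assumed field

# Two sliding windows of one day each: "current" and "reference".
timeframe:
  days: 1

# Alert when the current window holds at least 2x the reference count.
spike_height: 2
spike_type: "up"

# Require a minimum reference count so that a user going from
# 1 login to 2 logins does not count as a spike.
threshold_ref: 10

# Do not treat a username seen for the first time as a spike.
alert_on_new_data: false

alert:
- "email"
email:
- "soc@example.com"             # placeholder recipient
```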