diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bfaf526..5f74b7da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ - sphinx 4.3.0 to 4.3.1 - [#588](https://github.com/jertel/elastalert2/pull/588) - @nsano-rururu - pytest-xdist 2.4.0 to 2.5.0 - [#615](https://github.com/jertel/elastalert2/pull/615) - @nsano-rururu - sphinx 4.3.1 to 4.3.2 - [#618](https://github.com/jertel/elastalert2/pull/618) - @nsano-rururu +- [Docs] Include Docker example; add additional FAQs - [#623](https://github.com/jertel/elastalert2/pull/623) - @nsano-rururu # 2.2.3 diff --git a/docs/source/recipes/faq-md.md b/docs/source/recipes/faq-md.md index a9e52da4..7e58293b 100644 --- a/docs/source/recipes/faq-md.md +++ b/docs/source/recipes/faq-md.md @@ -398,3 +398,14 @@ See the following issues on the original yelp/elastalert for more information. https://github.com/Yelp/elastalert/issues/1867
https://github.com/Yelp/elastalert/issues/2704 + +ElastAlert 2 doesn't have a listening port? +========== + +ElastAlert 2 does not have a network API. There is no listening port. You can monitor its activity by viewing the console output or Docker logs. + +I've set `ssl_show_warn` but it doesn't seem to work. +========== + +Currently ElastAlert 2 uses elasticserarch-py 7.0.0, but the target parameters are the parameters that can be used from elasticserarch-py 7.5.0. +In the future, we will end support for elasticsearch in the past and raise elasticserarch-py to 7.5.0 or later. \ No newline at end of file diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 56113fdd..c5da1557 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -2618,7 +2618,7 @@ V2 API Options (Optional): These options are specific to the PagerDuty V2 API -See https://developer.pagerduty.com/docs/events-api-v2/trigger-events/ +See https://developer.pagerduty.com/api-reference/b3A6Mjc0ODI2Nw-send-an-event-to-pager-duty ``pagerduty_api_version``: Defaults to `v1`. Set to `v2` to enable the PagerDuty V2 Event API. diff --git a/docs/source/running_elastalert.rst b/docs/source/running_elastalert.rst index 80436175..b190de42 100644 --- a/docs/source/running_elastalert.rst +++ b/docs/source/running_elastalert.rst 
@@ -109,6 +109,87 @@ To build the image locally run the following command: .. _kubernetes-instructions: +Docker example + +elasticsearch has already been started with docker. +The docker network name is `es_default`. +I will explain on the assumption that elastalert will participate there. + +Create a rule directory and rules file in addition to elastalert.yaml +Mount when docker container starts + +.. code-block:: + + elastalert.yaml + rules/ + a.yaml + +elastalert.yaml + +.. code-block:: + + rules_folder: /opt/elastalert/rules + + run_every: + seconds: 10 + + buffer_time: + minutes: 15 + + es_host: elasticsearch + es_port: 9200 + + writeback_index: elastalert_status + + alert_time_limit: + days: 2 + +a.yaml + +.. code-block:: + + name: "a" + type: "frequency" + index: "mariadblog-*" + is_enabled: true + num_events: 2 + realert: + minutes: 5 + terms_size: 50 + timeframe: + minutes: 5 + timestamp_field: "@timestamp" + timestamp_type: "iso" + use_strftime_index: false + alert_subject: "Test {} 123 aa☃" + alert_subject_args: + - "message" + - "@log_name" + alert_text: "Test {} 123 bb☃" + alert_text_args: + - "message" + filter: + - query: + query_string: + query: "@timestamp:*" + alert: + - "slack" + slack_webhook_url: 'https://hooks.slack.com/services/xxxxxxxxx' + slack_channel_override: "#abc" + slack_emoji_override: ":kissing_cat:" + slack_msg_color: "warning" + slack_parse_override: "none" + slack_username_override: "elastalert" + +.. code-block:: + + docker run --net=es_default -d --name elastalert --restart=always \ + -v $(pwd)/elastalert.yaml:/opt/elastalert/config.yaml \ + -v $(pwd)/rules:/opt/elastalert/rules \ + jertel/elastalert2:2.2.3 --verbose + + docker logs -f elastalert + As a Kubernetes deployment ========================== 
@@ -126,13 +207,13 @@ As a Python package Requirements ------------ -- Elasticsearch +- Elasticsearch 6.x, 7.x. - ISO8601 or Unix timestamped data -- Python 3.9 +- Python 3.10. Require OpenSSL 1.1.1 or newer. - pip -- Packages on Ubuntu 21.x: build-essential python3-pip python3.9 python3.9-dev libffi-dev libssl-dev +- Packages on Ubuntu 21.x: build-essential python3-pip python3.10 python3.10-dev libffi-dev libssl-dev -If you want to install python 3.9 on CentOS, please install python 3.9 from the source code after installing 'Development Tools'. +If you want to install python 3.10 on CentOS, please install python 3.10 from the source code after installing 'Development Tools'. Downloading and Configuring ---------------------------
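Review bot: The new FAQ entry in docs/source/recipes/faq-md.md misspells the client library three times ("elasticserarch-py" should be "elasticsearch-py"), and the second sentence ("we will end support for elasticsearch in the past and raise elasticserarch-py to 7.5.0 or later") does not say what the reader needs to know. Suggest stating the behaviour plainly, e.g. "`ssl_show_warn` is only honoured by elasticsearch-py 7.5.0 and later; ElastAlert 2 currently pins elasticsearch-py 7.0.0, so the option is ignored and TLS warnings are still printed. A future release will drop support for older Elasticsearch versions and upgrade the client to 7.5.0 or newer." The file also ends without a trailing newline ("\ No newline at end of file"); please add one.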
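Review bot: In the "Docker example" hunk of docs/source/running_elastalert.rst the new "Docker example" title has no RST underline, so Sphinx will render it as an ordinary paragraph rather than a section; add an underline that matches the file's own heading hierarchy (the neighbouring "As a Kubernetes deployment" uses "===", so a subsection marker such as "---------------" of at least the title's length). The four ".. code-block::" directives have no language argument; use ".. code-block:: yaml" for elastalert.yaml and a.yaml and ".. code-block:: bash" for the docker commands so they are highlighted. The introductory sentences are hard to follow ("I will explain on the assumption that elastalert will participate there."); suggest "This example assumes Elasticsearch is already running in Docker on a network named `es_default`, and that the ElastAlert 2 container will join that network." Finally, the example elastalert.yaml points at `es_host: elasticsearch` / `es_port: 9200` with no `use_ssl`, `verify_certs`, `es_username` or `es_password` settings, and the rule file carries a placeholder `slack_webhook_url`; a one-line note that this is a minimal local setup and that TLS and credentials should be configured for any real deployment would keep readers from copying it as-is.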
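Review bot: In the "Requirements" hunk, "- Python 3.10. Require OpenSSL 1.1.1 or newer." should read "Requires OpenSSL 1.1.1 or newer", and the trailing full stops on "- Elasticsearch 6.x, 7.x." and "- Python 3.10." are inconsistent with the other bullets ("- pip", "- ISO8601 or Unix timestamped data"); either drop them or punctuate every item. Since the OpenSSL requirement is new, it would help to say why it applies (e.g. that the Python 3.10 `ssl` module needs it) so readers on older distributions understand the constraint.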