-
Notifications
You must be signed in to change notification settings - Fork 88
ElastAlert 2 RuleTypes support status
Naoyuki Sano edited this page Nov 8, 2023
·
3 revisions
Any
| name | UI | Remark |
|---|---|---|
| any |
Blacklist
| name | UI | Remark |
|---|---|---|
| blacklist | ||
| compare_key |
Whitelist
| name | UI | Remark |
|---|---|---|
| whitelist | ||
| compare_key | ||
| ignore_null |
Change
| name | UI | Remark |
|---|---|---|
| change | ||
| compare_key | ||
| ignore_null | ||
| query_key | ||
| timeframe |
Frequency
| name | UI | Remark |
|---|---|---|
| frequency | ||
| num_events | ||
| timeframe | ||
| use_count_query | ||
| use_terms_query | query_key,terms_size | |
| terms_size | use_terms_query | |
| query_key | ||
| num_events | ||
| attach_related | ||
| related_events |
Spike
| name | UI | Remark |
|---|---|---|
| spike | ||
| spike_height | ||
| spike_type | ||
| timeframe | ||
| field_value | ||
| threshold_ref | ||
| threshold_cur | ||
| alert_on_new_data | query_key | |
| query_key | ||
| use_count_query | ||
| use_terms_query | query_key,terms_size | |
| terms_size | use_terms_query |
Flatline
| name | UI | Remark |
|---|---|---|
| flatline | ||
| threshold | ||
| timeframe | ||
| use_count_query | ||
| use_terms_query | ||
| terms_size | ||
| query_key | ||
| forget_keys |
New Term
| name | UI | Remark |
|---|---|---|
| new_term | ||
| fields | ||
| query_key | ||
| terms_window_size | ||
| window_step_size | ||
| alert_on_missing_field | ||
| use_terms_query | ||
| terms_size | ||
| use_keyword_postfix |
Cardinality
| name | UI | Remark |
|---|---|---|
| cardinality | ||
| timeframe | ||
| cardinality_field | ||
| max_cardinality | ||
| min_cardinality | ||
| query_key |
Metric Aggregation
| name | UI | Remark |
|---|---|---|
Spike Aggregation
| name | UI | Remark |
|---|---|---|
Percentage Match
| name | UI | Remark |
|---|---|---|