Skip to content
/ esalert Public

A simple Elasticsearch alert tool written in Powershell

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

elasticsearchvn/esalert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
rules
rules
 
 
.editorconfig
.editorconfig
 
 
README.md
README.md
 
 
esalert.ps1
esalert.ps1
 
 
sample-log
sample-log
 
 

Repository files navigation

esalert

A simple Elasticsearch alert tool written in Powershell. Inspired by ElastAlert at https://github.com/Yelp/elastalert

Why?

My idea is to use Powershell script to query data on Elasticsearch and act on the responses. It should be simple enough so that anyone with basic Powershell Elasticsearch knowledge can create a rule within 1 to 5 minutes.

What?

Process

  1. Create and test an ES query in Sense/Developer Tool
  2. Copy the query into a Powershell script template. Each script is a rule.
  3. Test if it works as expected

Components

  1. Windows Task Scheduler
  2. Powershell v4 or later
    • A module to handle alert methods, alert suppression, and other minor features
    • Multiple rule templates (count, average, spike, whitelist, blacklist, flatline, frequency, etc.)
  3. Sense/Developer Tool in Kibana or anything you prefer to create query.

About

A simple Elasticsearch alert tool written in Powershell

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages