-
Notifications
You must be signed in to change notification settings - Fork 87
ElastAlert 2 RuleTypes support status
Naoyuki Sano edited this page Nov 9, 2023
·
3 revisions
Any
| name | UI | Remark |
|---|---|---|
| any |
Blacklist
| name | UI | Remark |
|---|---|---|
| blacklist | ||
| compare_key |
Whitelist
| name | UI | Remark |
|---|---|---|
| whitelist | ||
| compare_key | ||
| ignore_null |
Change
| name | UI | Remark |
|---|---|---|
| change | ||
| compare_key | ||
| ignore_null | ||
| query_key | ||
| timeframe |
Frequency
| name | UI | Remark |
|---|---|---|
| frequency | ||
| num_events | ||
| timeframe | ||
| use_count_query | ||
| use_terms_query | query_key,terms_size | |
| terms_size | use_terms_query | |
| query_key | ||
| num_events | ||
| attach_related | ||
| related_events |
Spike
| name | UI | Remark |
|---|---|---|
| spike | ||
| spike_height | ||
| spike_type | ||
| timeframe | ||
| field_value | ||
| threshold_ref | ||
| threshold_cur | ||
| alert_on_new_data | query_key | |
| query_key | ||
| use_count_query | ||
| use_terms_query | query_key,terms_size | |
| terms_size | use_terms_query |
Flatline
| name | UI | Remark |
|---|---|---|
| flatline | ||
| threshold | ||
| timeframe | ||
| use_count_query | ||
| use_terms_query | ||
| terms_size | ||
| query_key | ||
| forget_keys |
New Term
| name | UI | Remark |
|---|---|---|
| new_term | ||
| fields | ||
| query_key | ||
| terms_window_size | ||
| window_step_size | ||
| alert_on_missing_field | ||
| use_terms_query | ||
| terms_size | ||
| use_keyword_postfix |
Cardinality
| name | UI | Remark |
|---|---|---|
| cardinality | ||
| timeframe | ||
| cardinality_field | ||
| max_cardinality | ||
| min_cardinality | ||
| query_key |
Metric Aggregation
| name | UI | Remark |
|---|---|---|
| metric_aggregation | ||
| buffer_time | ||
| run_every | ||
| metric_agg_key | ||
| metric_agg_type | ||
| max_threshold | ||
| min_threshold | ||
| percentile_range | ||
| query_key | ||
| metric_agg_script | ||
| min_doc_count | ||
| use_run_every_query_size | ||
| allow_buffer_time_overlap | ||
| bucket_interval | ||
| sync_bucket_interval | ||
| metric_format_string |
Spike Aggregation
Not Support
Percentage Match
Not Support