|
| 1 | +# NOTE: This config is used when testing a rule |
| 2 | + |
| 3 | +# The elasticsearch hostname for metadata writeback |
| 4 | +# Note that every rule can have its own elasticsearch host |
| 5 | +es_host: localhost |
| 6 | + |
| 7 | +# The elasticsearch port |
| 8 | +es_port: 9200 |
| 9 | + |
| 10 | +# This is the folder that contains the rule yaml files |
| 11 | +# Any .yaml file will be loaded as a rule |
| 12 | +rules_folder: rules |
| 13 | + |
| 14 | +# How often ElastAlert will query elasticsearch |
| 15 | +# The unit can be anything from weeks to seconds |
| 16 | +run_every: |
| 17 | + seconds: 5 |
| 18 | + |
| 19 | +# ElastAlert will buffer results from the most recent |
| 20 | +# period of time, in case some log sources are not in real time |
| 21 | +buffer_time: |
| 22 | + minutes: 1 |
| 23 | + |
| 24 | +# Optional URL prefix for elasticsearch |
| 25 | +#es_url_prefix: elasticsearch |
| 26 | + |
| 27 | +# Connect with TLS to elasticsearch |
| 28 | +#use_ssl: True |
| 29 | + |
| 30 | +# Verify TLS certificates |
| 31 | +#verify_certs: True |
| 32 | + |
| 33 | +# GET request with body is the default option for Elasticsearch. |
| 34 | +# If it fails for some reason, you can pass 'GET', 'POST' or 'source'. |
| 35 | +# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport |
| 36 | +# for details |
| 37 | +#es_send_get_body_as: GET |
| 38 | + |
| 39 | +# Option basic-auth username and password for elasticsearch |
| 40 | +#es_username: someusername |
| 41 | +#es_password: somepassword |
| 42 | + |
| 43 | +# The index on es_host which is used for metadata storage |
| 44 | +# This can be a unmapped index, but it is recommended that you run |
| 45 | +# elastalert-create-index to set a mapping |
| 46 | +writeback_index: elastalert_status |
| 47 | + |
| 48 | +# If an alert fails for some reason, ElastAlert will retry |
| 49 | +# sending the alert until this time period has elapsed |
| 50 | +alert_time_limit: |
| 51 | + days: 2 |
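Review bot: The commented-out `es_username: someusername` / `es_password: somepassword` example (file lines 40-41) invites pasting a real password into a file tracked in the repository, while `use_ssl` and `verify_certs` (file lines 28 and 31) are both left disabled. That is acceptable while `es_host` is `localhost`, but if this test config is ever pointed at a remote cluster, the basic-auth credentials would be sent without TLS. I would add a comment above the credentials, for example `# Do not commit real credentials; enable use_ssl and verify_certs whenever es_host is not localhost`. Minor wording in the same file: `# Option basic-auth` should read `# Optional basic-auth`, `a unmapped index` should be `an unmapped index`, and the documentation link on file line 35 could use `https://`.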