Skip to content

ElastAlert 2 RuleTypes support status

Jump to bottom
Naoyuki Sano edited this page Nov 9, 2023 · 3 revisions

Any

name UI Remark
any

Blacklist

name UI Remark
blacklist
compare_key

Whitelist

name UI Remark
whitelist
compare_key
ignore_null

Change

name UI Remark
change
compare_key
ignore_null
query_key
timeframe

Frequency

name UI Remark
frequency
num_events
timeframe
use_count_query
use_terms_query query_key,terms_size
terms_size use_terms_query
query_key
num_events
attach_related
related_events

Spike

name UI Remark
spike
spike_height
spike_type
timeframe
field_value
threshold_ref
threshold_cur
alert_on_new_data query_key
query_key
use_count_query
use_terms_query query_key,terms_size
terms_size use_terms_query

Flatline

name UI Remark
flatline
threshold
timeframe
use_count_query
use_terms_query
terms_size
query_key
forget_keys

New Term

name UI Remark
new_term
fields
query_key
terms_window_size
window_step_size
alert_on_missing_field
use_terms_query
terms_size
use_keyword_postfix

Cardinality

name UI Remark
cardinality
timeframe
cardinality_field
max_cardinality
min_cardinality
query_key

Metric Aggregation

name UI Remark
metric_aggregation
buffer_time
run_every
metric_agg_key
metric_agg_type
max_threshold
min_threshold
percentile_range
query_key
metric_agg_script
min_doc_count
use_run_every_query_size
allow_buffer_time_overlap
bucket_interval
sync_bucket_interval
metric_format_string

Spike Aggregation

Not Support

Percentage Match

Not Support

Clone this wiki locally