elastalert(1)
NAME
elastalert - elastalert
DESCRIPTION
usage: elastalert [-h] [--config CONFIG] [--debug] [--rule RULE]
                  [--silence SILENCE] [--start START] [--end END] [--verbose]
                  [--patience TIMEOUT] [--pin_rules] [--es_debug]
                  [--es_debug_trace ES_DEBUG_TRACE]
options:
-h, --help
show this help message and exit
--config CONFIG
Global config file (default: config.yaml)
--debug
Suppresses alerts and prints information instead. Not compatible with '--verbose'
--rule RULE
Run only a specific rule (by filename, must still be in rules folder)
--silence SILENCE
Silence rule for a time period. Must be used with --rule. Usage: --silence <units>=<number>, e.g. --silence hours=2
--start START
YYYY-MM-DDTHH:MM:SS Start querying from this timestamp. Use "NOW" to start from current time. (Default: present)
--end END
YYYY-MM-DDTHH:MM:SS Query to this timestamp. (Default: present)
--verbose
Increase verbosity without suppressing alerts. Not compatible with '--debug'
--patience TIMEOUT
Maximum time to wait for Elasticsearch to become responsive. Usage: --patience <units>=<number>, e.g. --patience minutes=5
--pin_rules
Stop ElastAlert from monitoring config file changes
--es_debug
Enable verbose logging from Elasticsearch queries
--es_debug_trace ES_DEBUG_TRACE
Enable logging of Elasticsearch queries as curl commands. Queries will be logged to file. Note that this will incorrectly display localhost:9200 as the host/port
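
The option text above implies several constraints (--debug suppresses alerts and excludes --verbose, --silence needs --rule, timestamps and durations have fixed shapes). The following is an added example, not part of ElastAlert: a hypothetical shell helper, elastalert_preflight, that checks an argument list against those constraints before a wrapper or service unit launches the real command. It assumes unit names are lowercase words and numbers are plain integers; the rule filename is constructed.

```shell
# Added example (hypothetical helper, not shipped with ElastAlert): validate an
# elastalert argument list against the constraints in the option text above.
# Prints each problem on stderr; returns 0 when clean, 1 otherwise.
elastalert_preflight() (
    debug=0; verbose=0; rule=0; silence=0; bad=0
    fail() { echo "preflight: $*" >&2; bad=1; }
    matches() { printf '%s\n' "$1" | grep -Eq "$2"; }
    ts='^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}$'
    span='^[a-z]+=[0-9]+$'   # <units>=<number>, e.g. hours=2 (shape is an assumption)

    while [ $# -gt 0 ]; do
        opt=$1; shift
        case $opt in
            --debug)   debug=1; continue ;;
            --verbose) verbose=1; continue ;;
            -h|--help|--pin_rules|--es_debug) continue ;;
            --config|--rule|--silence|--start|--end|--patience|--es_debug_trace) ;;
            *) fail "unknown option $opt"; continue ;;
        esac
        if [ $# -eq 0 ]; then fail "$opt needs a value"; break; fi
        val=$1; shift
        case $opt in
            --rule)     rule=1 ;;
            --silence)  silence=1
                        matches "$val" "$span" || fail "--silence wants <units>=<number>" ;;
            --patience) matches "$val" "$span" || fail "--patience wants <units>=<number>" ;;
            --start)    [ "$val" = NOW ] || matches "$val" "$ts" ||
                            fail "--start wants YYYY-MM-DDTHH:MM:SS or NOW" ;;
            --end)      matches "$val" "$ts" || fail "--end wants YYYY-MM-DDTHH:MM:SS" ;;
        esac
    done

    # Cross-option rules stated in the --debug, --verbose and --silence entries.
    [ "$debug" -eq 1 ] && [ "$verbose" -eq 1 ] && fail "--debug and --verbose are not compatible"
    [ "$silence" -eq 1 ] && [ "$rule" -eq 0 ] && fail "--silence must be used with --rule"
    exit "$bad"
)

# Constructed sample: replay one rule over a fixed window without sending alerts.
elastalert_preflight --config config.yaml --rule example_rule.yaml --debug \
    --start 2024-01-01T00:00:00 --end 2024-01-02T00:00:00 && echo "arguments OK"
```

Because --debug suppresses alerts, a production wrapper could additionally refuse to start when the helper sees that flag.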