Replies: 1 comment
Comment:

It looks like ElastAlert 2 is functioning correctly, but the query to Elasticsearch isn't returning anything. Perhaps you have ElastAlert 2 pointed at the wrong ES cluster? Or there's a mistake in your datastream configuration, where it's not pulling from that index? Perhaps try setting the rule's
Original post:

Hi there. Similar to issue #1424, I have an issue where elastalert is generating false negative flatline alerts.
I have a rule that looks for an absence of logs coming in from the ca-central-* AWS availability zone:
Here are the debug logs:
From Slack:
But you can see in the screenshot below, logs have consistently been coming in:
What am I doing wrong here?
Thank you very much!
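For reference, here is what an ElastAlert 2 flatline rule scoped to the ca-central-* zones might look like. This is an added example, not the poster's rule; the index pattern `logs-*`, the ECS field `cloud.availability_zone`, and the webhook URL are assumptions.

```yaml
# Added example rule (not from the thread): alert when no logs from
# ca-central-* availability zones arrive within the timeframe.
# Index pattern and field name are assumptions; match them to your mapping.
name: ca-central logs flatline
type: flatline
index: logs-*                 # must be the datastream the logs actually land in
timestamp_field: "@timestamp"

# Fire when fewer than `threshold` matching docs arrive in `timeframe`.
threshold: 1
timeframe:
  minutes: 15

# Only count events from ca-central-* zones. If this filter (or the index
# above) matches nothing, the rule fires even though the cluster is
# receiving logs, which is the failure mode discussed in the thread.
filter:
  - query:
      query_string:
        query: "cloud.availability_zone:ca-central-*"

# Count hits instead of fetching documents.
use_count_query: true

# After a flatline alert, wait an hour before alerting again.
realert:
  hours: 1

alert:
  - slack
slack_webhook_url: "https://hooks.slack.com/services/REPLACE_ME"
```

Running `elastalert-test-rule --config config.yaml rule.yaml` against the same window the dashboard shows data for reports how many hits the rule's query returns; zero hits there points at the index pattern or filter rather than at the log pipeline.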