We are using ElastAlert for alerting on Elasticsearch data, and we have a bunch of rules. Now, some of those rules only make sense to run within business hours (like weekdays) and we would like to define the periods when the rule should run as part of the rule itself.
Would like to know if ElastAlert itself has this feature, or is there something that we can do it to implement this feature on our side.
There is a beta feature for this already, which supports cron syntax to define when the rule should run: https://github.com/Yelp/elastalert/issues/492#issuecomment-438024625
Another workaround is using Enhancements, a way of injecting custom code in ElastAlert, which run for every match. In the enhancement, you could essentially check if the time corresponds to non-business hours and drop the match in case.
Related
Sentry has the ability to setup a rule to ignore errors for a certain duration (1 day) or occurrence (< 10 times). I would like the ability to see these rules, is there a UI or programmatic way to access these? For example, here the Ui to create an ignore rule.
This is visible in the Activity tab in the issue detail.
For example, ignoring an issue:
Or ignoring if happens N times:
Not sure there's a specific API to get this. That said, you can see what APIs the front end uses, and just call those.
I am working on a project where the objective is to keep track of whether a client has uploaded data within their expected time-window or not. These windows can occur daily, weekly, bi-weekly, bi-monthly, quarterly... etc. I'm currently using the CRON syntax to describe these schedules which kind-of works, but it falls short in some scenarios, for example the bi-weekly one.
I was wondering if there is some industry standard way to efficiently describe and store schedules that I don't know of. I tried to educate myself via Google, but when I put the word schedule into the mix, it always assumes I'm trying to schedule some task, but I only want to calculate dates based on these schedule definitions and compare the incoming file dates with them.
Thank you
Currently with rule type Frequency(or any other), we can configure count based alerts.
ex. if Error=404, occurs more than 5 times in last 1 hour.
But I want to configure % based alerts and not count based alert.
ex. If Error=404 goes beyond 10% in last 1 hour.
Is it possible to configure such alert ?
elastAlert allows anyone to create their own rules. So you can inspire yourself from what the frequency rule does and create a new one that works on percentage instead.
In your case, instead of creating a new rule you could simply subclass FrequencyRule and modify the behavior to fit your needs
I'm using logstash 1.5 to analyze logs.
I want to track two events which occur one after the other.
So I would like to set a flag/field/tag when first event occurs and retain the value across events.
I looked at this link but looks like grep and drop are not supported in logstash 1.5.
Is there a way of achieving this?
The closest you can get with logstash is the elapsed{} filter. You could use that code as a basis for your own filter if it doesn't meet your needs. I also run some external (python) post-processing to do more than elapsed{} can (or should) do.
Windows Phone allows you to create and register system alarms with the ScheduledActionService. The options for recurrenceType are daily, weekly, etc.
I am trying to get alarms set for specific days. This is not possible using the recurrenceType enum. The only way I can see to achieve this is to create an alarm for each day specified. This way, for a single alarm that is created I will have to create a copy of it on every day I wish it to recur.
The only issue with this is displaying them. They cannot be given a 'Name' property and so there is no way to logically group these alarms in to a single "master" alarm.
has anyone encountered this issue? Is there a way to set alarms without using this scheduler service? I cannot think of a way around this and would appreciate any guidance.
The only example I'm aware of where someone was in a similar situation resulted in them not using the scheduler at all.
As they required a complex scheduling pattern they instead chose to not use any of the built in functionality but rather to create individual alarms as appropriate. They already had an existing BackgroundAgent and added functionality there to ensure that the next two alarms were always queued up.
Your exact requirements may make this possible.
I'd think carefully about adding an agent just for this though.