ElastAlert query for special characters.

The query below contains characters that are reserved in the Elasticsearch query_string syntax (square brackets introduce a range query), so the rule fails when it tries to send an alert and the error is logged in the elastalert_status* index:

query: "message:high disk watermark [90%]"

To avoid that, wrap the value in an escaped pair of double quotes so it is matched as a literal phrase:

query: "message: \"high disk watermark [90%]\""

put-records-elasticsearch.yaml: |-
  ---
  name: put-records-elasticsearch
  type: cardinality
  limit_execution: "0/10 * * * *"
  index: eck-logs
  min_cardinality: 50
  cardinality_field: "message"
  timeframe:
    minutes: 15
  filter:
  - query:
      query_string:
        query: "message: \"high disk watermark [90%]\""
  alert:
  - "email"
  email:
  - ""
  from_addr: ""
  alert_subject: "Logstash is unable to PUT records in Elasticsearch."
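The rule above relies on two separate escaping layers: the Lucene query_string layer (where `[` and `]` are reserved, but nothing except `\` and `"` is special inside a quoted phrase) and the YAML layer (where the phrase's quotes must be written as `\"` inside a double-quoted scalar). The following Python helper, added here as an illustration and not part of the original post or of ElastAlert itself, builds the phrase clause, renders it as a YAML scalar, and also shows the alternative of backslash-escaping reserved characters when the value must stay an unquoted term. The function names and the sample message are constructed for this example.

```python
import json
import re

# Characters reserved by the Elasticsearch/Lucene query_string syntax.
# "&&" and "||" are reserved as pairs, the rest as single characters.
_RESERVED = re.compile(r'(&&|\|\||[+\-=><!(){}\[\]^"~*?:\\/])')


def lucene_escape(text: str) -> str:
    """Backslash-escape every reserved query_string character in text.

    Use this when the value must stay an unquoted term, e.g. because you
    still want wildcards or boosts to work elsewhere in the same query.
    """
    return _RESERVED.sub(r"\\\1", text)


def phrase_query(field: str, text: str) -> str:
    """Build a field: "phrase" clause.

    Inside a quoted phrase only the backslash and the double quote are
    special, so those two are escaped and everything else ([, ], %, ...)
    is matched literally.  This is the form the post recommends.
    """
    escaped = text.replace("\\", "\\\\").replace('"', '\\"')
    return f'{field}: "{escaped}"'


def yaml_double_quoted(value: str) -> str:
    """Render value as a YAML double-quoted scalar.

    The rule file adds a second escaping layer: the quotes that belong to
    the Lucene phrase must be written as \\" so the YAML parser keeps them.
    """
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_filter(field: str, text: str) -> dict:
    """Return the ElastAlert `filter` entry for a literal phrase match."""
    return {"query": {"query_string": {"query": phrase_query(field, text)}}}


if __name__ == "__main__":
    msg = "high disk watermark [90%]"  # constructed sample log message
    print("lucene-escaped term :", lucene_escape(msg))
    print("phrase clause       :", phrase_query("message", msg))
    print("as YAML scalar      :", "query: " + yaml_double_quoted(phrase_query("message", msg)))
    print("filter entry        :", json.dumps(build_filter("message", msg), indent=2))
```

Running it prints the phrase form `query: "message: \"high disk watermark [90%]\""`, which is exactly the line used in the rule above; the `lucene_escape` output (`high disk watermark \[90%\]`) is the equivalent unquoted form if you would rather escape individual characters than quote the whole phrase.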
