ElastAlert: send an alert when no documents are received for an index

For that we can use the cardinality rule type; this is a good example: https://github.com/Yelp/elastalert/blob/master/example_rules/example_cardinality.yaml

Based on that, I wrote a rule that sends an alert when there are no messages for 10 minutes. It sends the alert once, then stays quiet until new data is added, to avoid sending the same alert over and over again. If the newly added data do not match the rule's filter, or do not bring the count of unique values up to the min_cardinality value, it sends the alert again.
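An added example rule that implements the description above (this is not the post's own rule and not a file from the ElastAlert project): it alerts when no documents for the index have been seen in the last 10 minutes. The index pattern, the cardinality field, the filter and the e-mail address are assumptions chosen for illustration.

```yaml
# Added example: ElastAlert cardinality rule that alerts when no documents
# arrive for an index within 10 minutes. Index pattern, field name and
# e-mail address are placeholders (assumptions), not values from the post.

# Rule name, must be unique across rules
name: No documents received for app-logs in 10 minutes

# Cardinality rules count the unique values of cardinality_field seen in
# the timeframe; with min_cardinality they alert when that count is too low.
type: cardinality

# Index to watch (assumed name, wildcard supported)
index: app-logs-*

# Field whose unique values are counted. Any field every document carries
# works; host.keyword is an assumption. With no documents, the count is 0.
cardinality_field: "host.keyword"

# Alert when fewer than 1 unique value was seen, i.e. no documents at all
min_cardinality: 1

# Window over which unique values are counted
timeframe:
  minutes: 10

# Field ElastAlert uses to order events in time (@timestamp is the default)
timestamp_field: "@timestamp"

# Filter applied to the query; this query_string matches every document,
# so the rule watches the whole index (assumed, narrow it if needed)
filter:
- query:
    query_string:
      query: "*"

# Do not re-send the same alert within 10 minutes (assumed value)
realert:
  minutes: 10

# Alerter to use and its destination (assumed address)
alert:
- "email"

email:
- "oncall@example.com"
```

Drop the file into the rules directory ElastAlert is configured with (rules_folder) and run elastalert-test-rule against it before enabling it, so the query and filter are checked against real data. ElastAlert also ships a flatline rule type (threshold plus timeframe) built for exactly this case, alerting when fewer than threshold documents are seen in the window; the cardinality approach above follows the post.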
