ElastAlert: setting up a "string does not contain" alert.

For the documents received in the past 10 minutes: if at least one document is found whose status_code field does not contain 200 and whose service_id equals the given value, send an alert.

```yaml
demo-and-alert.yaml: |-
  ---
  name: demo-and-alert
  type: frequency
  limit_execution: "0/10 * * * *"
  index: index-pattern*
  num_events: 1
  timeframe:
    minutes: 10
  realert:
    minutes: 30
  filter:
  - query:
      query_string:
        query: "(service_id: selfservice) AND NOT status_code: 200"
  alert:
  - "email"
  email:
  - ""
  from_addr: ""
  alert_subject: "[ElastAlert] [prod] WARNING - Sample message{0}."
  alert_subject_args:
  - service_id
  alert_text: "Alert text Message is- {0} cluster. At {1}."
  alert_text_type: alert_text_only
  alert_text_args:
  - message
  - ""
```
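To see what the rule above actually does before deploying it, here is an offline simulation of its matching, timeframe and realert behaviour over a few constructed log documents. This is an added example, not ElastAlert's own code or anything from the original post; the rule values are copied from the YAML, except that the blank second `alert_text_args` entry is assumed to be `@timestamp`. It also shows the one caveat worth knowing about `NOT status_code: 200` in a Lucene `query_string`: a document with no `status_code` field at all also matches, so a stricter variant with `_exists_:status_code` is included alongside it.

```python
"""Offline simulation of the ElastAlert frequency rule (added example)."""
from datetime import datetime, timedelta

# Rule values taken from the YAML above. The second alert_text_args entry is an
# assumption ("@timestamp"); the original leaves it blank.
RULE = {
    "service_id": "selfservice",
    "num_events": 1,
    "timeframe": timedelta(minutes=10),
    "realert": timedelta(minutes=30),
    "alert_subject": "[ElastAlert] [prod] WARNING - Sample message{0}.",
    "alert_subject_args": ["service_id"],
    "alert_text": "Alert text Message is- {0} cluster. At {1}.",
    "alert_text_args": ["message", "@timestamp"],
}

# Constructed sample documents (not real log data).
DOCS = [
    {"@timestamp": "2024-01-01T10:00:00", "service_id": "selfservice", "status_code": 200, "message": "ok"},
    {"@timestamp": "2024-01-01T10:03:00", "service_id": "billing", "status_code": 500, "message": "boom"},
    {"@timestamp": "2024-01-01T10:05:00", "service_id": "selfservice", "status_code": 503, "message": "upstream down"},
    {"@timestamp": "2024-01-01T10:06:00", "service_id": "selfservice", "message": "no status field"},
    {"@timestamp": "2024-01-01T10:20:00", "service_id": "selfservice", "status_code": 502, "message": "retry"},
    {"@timestamp": "2024-01-01T10:45:00", "service_id": "selfservice", "status_code": 500, "message": "again"},
]


def matches_filter(doc, service_id=RULE["service_id"]):
    """Mirror of "(service_id: selfservice) AND NOT status_code: 200".

    In query_string, NOT status_code:200 is a must_not clause, so a document
    that lacks the status_code field entirely also satisfies it.
    """
    return doc.get("service_id") == service_id and doc.get("status_code") != 200


def matches_filter_strict(doc, service_id=RULE["service_id"]):
    """Stricter variant, equivalent to
    "(service_id: selfservice) AND _exists_:status_code AND NOT status_code: 200",
    which ignores documents that never carried a status code."""
    return (
        doc.get("service_id") == service_id
        and "status_code" in doc
        and doc["status_code"] != 200
    )


def matching_docs(docs, predicate=matches_filter):
    """Return the documents the filter would select."""
    return [d for d in docs if predicate(d)]


def run_rule(docs, rule=RULE, predicate=matches_filter):
    """Simplified frequency rule: fire once num_events matches fall inside
    `timeframe`, then stay silent for `realert`. Returns the alert times."""
    hits, alerts, silenced_until = [], [], None
    for doc in sorted(docs, key=lambda d: d["@timestamp"]):
        if not predicate(doc):
            continue
        ts = datetime.fromisoformat(doc["@timestamp"])
        hits = [h for h in hits if ts - h <= rule["timeframe"]] + [ts]
        if len(hits) >= rule["num_events"]:
            if silenced_until is None or ts >= silenced_until:
                alerts.append(ts)
                silenced_until = ts + rule["realert"]
            hits = []  # the matches have been consumed by this alert
    return alerts


def render_alert(doc, rule=RULE):
    """Fill alert_subject / alert_text from the first matching document,
    substituting a placeholder for fields the document does not have
    (ElastAlert inserts the literal text "<MISSING VALUE>" in that case)."""
    def values(arg_names):
        return [doc.get(name, "<MISSING VALUE>") for name in arg_names]

    subject = rule["alert_subject"].format(*values(rule["alert_subject_args"]))
    body = rule["alert_text"].format(*values(rule["alert_text_args"]))
    return subject, body


if __name__ == "__main__":
    for when in run_rule(DOCS):
        print("alert at", when.isoformat())
    print(render_alert(DOCS[2]))
    print("matched without status_code:", matches_filter(DOCS[3]), matches_filter_strict(DOCS[3]))
```

With the sample data the rule fires at 10:05 and again at 10:45; the matches at 10:06 and 10:20 are swallowed by the 30-minute `realert` window. The document at 10:06, which has no `status_code` at all, is selected by the rule's own query but not by the strict variant; pick whichever behaviour you actually want before the rule goes live.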
