Elastalert: What is proper rule syntax to generate two different alert types?

Created on 31 May 2017 · 2 Comments · Source: Yelp/elastalert

I can successfully use this in a rule to send an email:

alert:
- "email"
email:
- "[email protected]"

or this to send a Slack message:

alert:
- "slack"
slack:
slack_webhook_url: "my-slack-webhook"

but how do I specify that I want a rule to do both? Appending the second example above to the first one seems to result in the first one being discarded and only the last one taking effect. I presume I can only have one "alert:" line and then multiple alert types specified thereafter, but my every attempt at this results in rule parsing failures. For example, this fails:

alert:
- "email"
email:
- "[email protected]"
- "slack"
slack:
slack_webhook_url: "my-slack-webhook"

with an error "yaml.parser.ParserError: while parsing a block mapping in...expected <block end>, but found '-'"

Please enlighten me about proper syntax for specifying multiple alert types for my above example.

Thanks!

Most helpful comment

Hi,

You must enumerate your alert methods all within the alert block, like so:

alert:
- "email"
- "slack"

Then you only need your email list:

email:
- "[email protected]"
- "[email protected]"

and your slack options (no need for slack: by itself):

slack_webhook_url: "my-slack-webhook"
slack_username_override: "Elastalert"

Thanks, that worked like a charm!
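
The failure mode in the question (a second `alert:` block replacing the first without any error) is easy to miss in review, because the rule still loads and one alerter quietly never fires. The following is an added example, not code from this thread or from ElastAlert: a line-based check for block-style rule files that flags repeated top-level keys and reports which alerters remain, assuming the later key wins as the question observed. The sample rules, address and webhook URL are constructed placeholders.

```python
import re
from collections import defaultdict

# Top-level keys start in column 0 (block-style YAML, as in the rules above).
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w.-]*)\s*:(?:\s|$)")
LIST_ITEM = re.compile(r'^\s*-\s*["\']?([^"\'#\s]+)')

def duplicate_top_level_keys(rule_text):
    """Return {key: [line numbers]} for top-level keys that appear more than once."""
    seen = defaultdict(list)
    for lineno, line in enumerate(rule_text.splitlines(), start=1):
        match = TOP_LEVEL_KEY.match(line)
        if match:
            seen[match.group(1)].append(lineno)
    return {key: lines for key, lines in seen.items() if len(lines) > 1}

def effective_alerters(rule_text):
    """Items of the last top-level `alert:` block (assumes the later key wins)."""
    last, in_alert = [], False
    for line in rule_text.splitlines():
        key, item = TOP_LEVEL_KEY.match(line), LIST_ITEM.match(line)
        if key:
            in_alert = key.group(1) == "alert"
            if in_alert:
                last = []  # a repeated `alert:` discards the earlier list
        elif item and in_alert:
            last.append(item.group(1))
    return last

# Constructed sample rules; the address and webhook URL are placeholders.
APPENDED = """\
alert:
- "email"
email:
- "ops@example.com"
alert:
- "slack"
slack_webhook_url: "https://hooks.example.invalid/placeholder"
"""
MERGED = """\
alert:
- "email"
- "slack"
email:
- "ops@example.com"
slack_webhook_url: "https://hooks.example.invalid/placeholder"
"""
if __name__ == "__main__":
    print(duplicate_top_level_keys(APPENDED), effective_alerters(APPENDED))
```

Run over a rules directory in CI, a non-empty result from `duplicate_top_level_keys` is a reason to fail the build before a rule with a silently dropped alerter reaches production.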
