Elastalert Demo Config

👉 This writeup is part of the “Elasticsearch Deploy Docs” series.

Elastalert

📄 Official docs
📂 Official project repo

Elastalert is developed by Yelp and written in Python. It queries documents in Elasticsearch and sends alerts based on the configured rules. Since Elastalert is not an Elasticsearch plugin, it can be installed on whatever host we want, as long as that host can reach the cluster.

Installation

❗ Refer to elasticsearch-deploy-notes/elastalert for example config.

```console
$ sudo apt-get install python3-pip
$ sudo pip3 install elastalert
$ sudo pip3 install -U PyYAML
$ mkdir -p /opt/elastalert/rules
## Copy alert rules yaml files and config file to /opt/elastalert and /opt/elastalert/rules accordingly from this repo
```

It is recommended to create an index in Elasticsearch for Elastalert to store its metadata:

```console
$ elastalert-create-index
Elastic Version: 7.7.0
Reading Elastic 6 index mappings:
Reading index mapping 'es_mappings/6/silence.json'
Reading index mapping 'es_mappings/6/elastalert_status.json'
Reading index mapping 'es_mappings/6/elastalert.json'
Reading index mapping 'es_mappings/6/past_elastalert.json'
Reading index mapping 'es_mappings/6/elastalert_error.json'
New index elastalert_status created
Done!
```

Test rules if needed:

```console
$ elastalert-test-rule --config /opt/elastalert/config.yaml /opt/elastalert/rules/heartbeat_checks.yml
```

Postfix Gmail SMTP

In order to use Gmail as SMTP, you need to enable 2-factor authentication and generate an app password ...
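The two files referenced by the `elastalert-test-rule` command above, `config.yaml` and `rules/heartbeat_checks.yml`, are shown here as an added example. This is not the config from the elasticsearch-deploy-notes repo; the Elasticsearch address, the `heartbeat-*` index, the `monitor.id` / `monitor.status` field names, the recipient and sender addresses, and the local Postfix relay on `localhost:25` are all assumptions. The rule is a `flatline` rule: it fires when a monitor that has previously reported `up` stops producing documents, which is the check a heartbeat rule is meant to do.

```yaml
# /opt/elastalert/config.yaml  (example; values are assumptions, not the repo's config)
rules_folder: /opt/elastalert/rules      # every *.yml/*.yaml in here is loaded as a rule
run_every:
  minutes: 1                             # how often Elastalert queries Elasticsearch
buffer_time:
  minutes: 15                            # window of recent data re-queried on each run
es_host: 127.0.0.1                       # assumed: Elasticsearch reachable on localhost
es_port: 9200
writeback_index: elastalert_status       # the index created by elastalert-create-index
alert_time_limit:
  days: 2                                # retry a failed alert delivery for up to 2 days
---
# /opt/elastalert/rules/heartbeat_checks.yml  (example rule; index and field names assumed)
name: heartbeat_checks
type: flatline                           # alert when fewer than `threshold` matching docs arrive in `timeframe`
index: heartbeat-*                       # assumed: Elastic Heartbeat writes monitor results here
threshold: 1
timeframe:
  minutes: 5
query_key: monitor.id                    # track each monitor separately: a single dead host alerts on its own
filter:
- term:
    monitor.status: "up"                 # only "up" results count as a heartbeat
realert:
  minutes: 30                            # suppress repeat alerts for the same monitor.id for 30 minutes
alert:
- email
email:
- "ops@example.com"                      # placeholder recipient
from_addr: "elastalert@example.com"      # placeholder sender
smtp_host: localhost                     # assumed: local Postfix relays to Gmail, so no Gmail credentials live in rule files
smtp_port: 25
alert_subject: "Heartbeat flatline: {0}"
alert_subject_args:
- monitor.id
```

Run `elastalert-test-rule --config /opt/elastalert/config.yaml /opt/elastalert/rules/heartbeat_checks.yml` to see how many hits the filter returns over the recent window and whether the rule would have fired, before starting the daemon with `elastalert --config /opt/elastalert/config.yaml`. Because the test only reads data, a rule that fires unexpectedly in the test is the cheap place to catch a wrong field name or index pattern. Pointing `smtp_host` at the local Postfix relay keeps the Gmail app password in the mail server's configuration rather than in every rule file under `/opt/elastalert/rules`.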

September 10, 2022 · 2 min · Veerendra K