ElastAlert 0.2.5

Dockerfile-test

@@ -1,7 +1,9 @@
-FROM ubuntu:latest
+FROM ubuntu:21.10
 
-RUN apt-get update && apt-get upgrade -y
-RUN apt-get -y install build-essential python3.6 python3.6-dev python3-pip libssl-dev git
+RUN apt update && apt upgrade -y
+RUN apt install software-properties-common -y
+RUN add-apt-repository ppa:deadsnakes/ppa
+RUN apt -y install build-essential python3.10 python3.10-dev python3-pip libssl-dev git
 
 WORKDIR /home/elastalert
 

Makefile

@@ -21,7 +21,7 @@ test-elasticsearch:
 
 test-docker:
 	docker-compose --project-name elastalert build tox
-	docker-compose --project-name elastalert run tox
+	docker-compose --project-name elastalert run --rm tox
 
 clean:
 	make -C docs clean

README.md

@@ -39,23 +39,33 @@ Several rule types with common monitoring paradigms are included with ElastAlert
 
 Currently, we have built-in support for the following alert types:
 
+- Alerta
+- Alertmanager
+- Amazon Simple Notification Service (AWS SNS)
+- Command
+- Datadog
+- Debug
+- Discord
 - Email
-- JIRA
+- Exotel
+- Gitter
+- Google Chat
+- HTTP POST
+- Jira
+- Line Notify
+- Mattermost
+- Microsoft Teams
 - OpsGenie
-- Commands
-- HipChat
-- MS Teams
-- Slack
-- Telegram
-- GoogleChat
-- AWS SNS
-- VictorOps
+- Rocket.Chat
 - PagerDuty
 - PagerTree
-- Exotel
+- ServiceNow
+- Slack
+- Splunk On-Call (Formerly VictorOps)
+- Stomp
+- Telegram
+- TheHive
 - Twilio
-- Gitter
-- Line Notify
 - Zabbix
 
 Additional rule types and alerts can be easily imported or written.
@@ -115,13 +125,13 @@ A [Dockerized version](https://github.com/bitsensor/elastalert) of ElastAlert in
 
 ```bash
 git clone https://github.com/bitsensor/elastalert.git; cd elastalert
-docker run -d -p 3030:3030 \
+docker run -d -p 3030:3030 -p 3333:3333 \
     -v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
     -v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
     -v `pwd`/rules:/opt/elastalert/rules \
     -v `pwd`/rule_templates:/opt/elastalert/rule_templates \
     --net="host" \
-    --name elastalert bitsensor/elastalert:latest
+    --name elastalert bitsensor/elastalert:3.0.0-beta.1
 ```
 
 ## Documentation
@@ -150,7 +160,7 @@ Examples of different types of rules can be found in example_rules/.
 increases by a given factor. This example will send an email alert when there are 3 times more events matching a filter occurring within the
 last 2 hours than the number of events in the previous 2 hours.
 
-- ``example_frequency.yaml`` is an example of the "frequency" rule type, which will alert when there are a given number of events occuring
+- ``example_frequency.yaml`` is an example of the "frequency" rule type, which will alert when there are a given number of events occurring
 within a time period. This example will send an email when 50 documents matching a given filter occur within a 4 hour timeframe.
 
 - ``example_change.yaml`` is an example of the "change" rule type, which will alert when a certain field in two documents changes. In this example,
@@ -267,7 +277,7 @@ status:
 
 ### How can I make the alert come at a certain time?
 
-The ``aggregation`` feature will take every alert that has occured over a period of time and send them together in one alert. You can use cron style syntax to send all alerts that have occured since the last once by using
+The ``aggregation`` feature will take every alert that has occurred over a period of time and send them together in one alert. You can use cron style syntax to send all alerts that have occurred since the last once by using
 
 ```
 aggregation:
@@ -290,7 +300,7 @@ buffer_time:
   minutes: 5
 ```
 
-By default, ElastAlert will download every document in full before processing them. Instead, you can have ElastAlert simply get a count of the number of documents that have occured in between each query. To do this, set ``use_count_query: true``. This cannot be used if you use ``query_key``, because ElastAlert will not know the contents of each documents, just the total number of them. This also reduces the precision of alerts, because all events that occur between each query will be rounded to a single timestamp.
+By default, ElastAlert will download every document in full before processing them. Instead, you can have ElastAlert simply get a count of the number of documents that have occurred in between each query. To do this, set ``use_count_query: true``. This cannot be used if you use ``query_key``, because ElastAlert will not know the contents of each documents, just the total number of them. This also reduces the precision of alerts, because all events that occur between each query will be rounded to a single timestamp.
 
 If you are using ``query_key`` (a single key, not multiple keys) you can use ``use_terms_query``. This will make ElastAlert perform a terms aggregation to get the counts for each value of a certain field. Both ``use_terms_query`` and ``use_count_query`` also require ``doc_type`` to be set to the ``_type`` of the documents. They may not be compatible with all rule types.
 

config.yaml.example

@@ -48,7 +48,6 @@ es_port: 9200
 
 # Use SSL authentication with client certificates client_cert must be
 # a pem file containing both cert and key for client
-#verify_certs: True
 #ca_certs: /path/to/cacert.pem
 #client_cert: /path/to/client_cert.pem
 #client_key: /path/to/client_key.key
@@ -78,38 +77,38 @@ alert_time_limit:
 #    logline:
 #      format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
 #
-#    handlers:
-#      console:
-#        class: logging.StreamHandler
-#        formatter: logline
-#        level: DEBUG
-#        stream: ext://sys.stderr
+#  handlers:
+#    console:
+#      class: logging.StreamHandler
+#      formatter: logline
+#      level: DEBUG
+#      stream: ext://sys.stderr
 #
-#      file:
-#        class : logging.FileHandler
-#        formatter: logline
-#        level: DEBUG
-#        filename: elastalert.log
+#    file:
+#      class : logging.FileHandler
+#      formatter: logline
+#      level: DEBUG
+#      filename: elastalert.log
 #
-#    loggers:
-#      elastalert:
-#        level: WARN
-#        handlers: []
-#        propagate: true
+#  loggers:
+#    elastalert:
+#      level: WARN
+#      handlers: []
+#      propagate: true
 #
-#      elasticsearch:
-#        level: WARN
-#        handlers: []
-#        propagate: true
+#    elasticsearch:
+#      level: WARN
+#      handlers: []
+#      propagate: true
 #
-#      elasticsearch.trace:
-#        level: WARN
-#        handlers: []
-#        propagate: true
+#    elasticsearch.trace:
+#      level: WARN
+#      handlers: []
+#      propagate: true
 #
-#      '':  # root logger
-#        level: WARN
-#          handlers:
-#            - console
-#            - file
-#        propagate: false
+#    '':  # root logger
+#      level: WARN
+#      handlers:
+#        - console
+#        - file
+#      propagate: false

docs/source/elastalert.rst

@@ -31,18 +31,34 @@ Several rule types with common monitoring paradigms are included with ElastAlert
 
 Currently, we have support built in for these alert types:
 
+- Alerta
+- Alertmanager
+- Amazon Simple Notification Service (AWS SNS)
 - Command
+- Datadog
+- Debug
+- Discord
 - Email
-- JIRA
+- Exotel
+- Gitter
+- Google Chat
+- HTTP POST
+- Jira
+- Line Notify
+- Mattermost
+- Microsoft Teams
 - OpsGenie
-- SNS
-- HipChat
+- PagerDuty
+- PagerTree
+- Rocket.Chat
+- ServiceNow
 - Slack
-- Telegram
-- GoogleChat
-- Debug
+- Splunk On-Call (Formerly VictorOps)
 - Stomp
+- Telegram
 - TheHive
+- Twilio
+- Zabbix
 
 Additional rule types and alerts can be easily imported or written. (See :ref:`Writing rule types <writingrules>` and :ref:`Writing alerts <writingalerts>`)