.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.2.
.TH ELASTALERT "1" "December 2022" "elastalert 0.2.4-3" "User Commands"
.SH NAME
elastalert \- elastalert
.SH DESCRIPTION
usage: elastalert [\-h] [\-\-config CONFIG] [\-\-debug] [\-\-rule RULE]
.IP
[\-\-silence SILENCE] [\-\-start START] [\-\-end END] [\-\-verbose]
[\-\-patience TIMEOUT] [\-\-pin_rules] [\-\-es_debug]
[\-\-es_debug_trace ES_DEBUG_TRACE]
.SS "options:"
.TP
\fB\-h\fR, \fB\-\-help\fR
show this help message and exit
.TP
\fB\-\-config\fR CONFIG
Global config file (default: config.yaml)
.TP
\fB\-\-debug\fR
Suppresses alerts and prints information instead. Not compatible with `\-\-verbose`
.TP
\fB\-\-rule\fR RULE
Run only a specific rule (by filename, must still be in rules folder)
.TP
\fB\-\-silence\fR SILENCE
Silence rule for a time period. Must be used with \fB\-\-rule\fR.
Usage: \fB\-\-silence\fR <unit>=<number>, e.g. \fB\-\-silence\fR hours=2
.TP
\fB\-\-start\fR START
YYYY\-MM\-DDTHH:MM:SS Start querying from this timestamp. Use "NOW" to start from current time. (Default: present)
.TP
\fB\-\-end\fR END
YYYY\-MM\-DDTHH:MM:SS Query to this timestamp. (Default: present)
.TP
\fB\-\-verbose\fR
Increase verbosity without suppressing alerts. Not compatible with `\-\-debug`
.TP
\fB\-\-patience\fR TIMEOUT
Maximum time to wait for ElasticSearch to become responsive.
Usage: \fB\-\-patience\fR <unit>=<number>, e.g. \fB\-\-patience\fR minutes=5
.TP
\fB\-\-pin_rules\fR
Stop ElastAlert from monitoring config file changes
.TP
\fB\-\-es_debug\fR
Enable verbose logging from Elasticsearch queries
.TP
\fB\-\-es_debug_trace\fR ES_DEBUG_TRACE
Enable logging from Elasticsearch queries as curl command. Queries will be logged to file. Note that this will incorrectly display localhost:9200 as the host/port