ELASTALERT(1) | User Commands | ELASTALERT(1)
NAME
elastalert - elastalert
DESCRIPTION
usage: elastalert [-h] [--config CONFIG] [--debug] [--rule RULE] [--silence SILENCE] [--start START] [--end END] [--verbose] [--patience TIMEOUT] [--pin_rules] [--es_debug] [--es_debug_trace ES_DEBUG_TRACE]
options:
- `-h, --help`: Show this help message and exit
- `--config CONFIG`: Global config file (default: config.yaml)
- `--debug`: Suppresses alerts and prints information instead. Not compatible with `--verbose`
- `--rule RULE`: Run only a specific rule (by filename; the file must still be in the rules folder)
- `--silence SILENCE`: Silence the rule for a time period. Must be used with `--rule`. Usage: `--silence <units>=<number>`, e.g. `--silence hours=2`
- `--start START`: `YYYY-MM-DDTHH:MM:SS` Start querying from this timestamp. Use `NOW` to start from the current time. (Default: present)
- `--end END`: `YYYY-MM-DDTHH:MM:SS` Query up to this timestamp. (Default: present)
- `--verbose`: Increase verbosity without suppressing alerts. Not compatible with `--debug`
- `--patience TIMEOUT`: Maximum time to wait for Elasticsearch to become responsive. Usage: `--patience <units>=<number>`, e.g. `--patience minutes=5`
- `--pin_rules`: Stop ElastAlert from monitoring the config file for changes
- `--es_debug`: Enable verbose logging from Elasticsearch queries
- `--es_debug_trace ES_DEBUG_TRACE`: Enable logging of Elasticsearch queries as curl commands. Queries will be logged to the given file. Note that this will incorrectly display `localhost:9200` as the host/port
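The following Python helper is an added example, not part of ElastAlert itself: it assembles a command line for replaying a single rule over a historical window in `--debug` mode, enforcing the constraints stated above (`--silence` requires `--rule`, `--debug` and `--verbose` are mutually exclusive, `<units>=<number>` and `YYYY-MM-DDTHH:MM:SS` arguments are checked before the process is launched). The rule filename `example_rule.yaml` and the mapping of `<units>` onto `datetime.timedelta` keyword names are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import List, Optional

# Units a <units>=<number> argument (--silence, --patience) may name.
# Assumption: these are the keyword arguments datetime.timedelta accepts.
_UNITS = ("weeks", "days", "hours", "minutes", "seconds")
_TS_FORMAT = "%Y-%m-%dT%H:%M:%S"  # YYYY-MM-DDTHH:MM:SS, as in the usage text


def parse_units(value: str) -> timedelta:
    """Turn '<units>=<number>' (e.g. 'hours=2') into a timedelta, or raise."""
    m = re.fullmatch(r"([a-z]+)=(\d+)", value.strip())
    if not m or m.group(1) not in _UNITS:
        raise ValueError(f"expected <units>=<number>, got {value!r}")
    return timedelta(**{m.group(1): int(m.group(2))})


def check_timestamp(value: str) -> str:
    """Accept 'NOW' or a YYYY-MM-DDTHH:MM:SS timestamp; return it unchanged."""
    if value != "NOW":
        datetime.strptime(value, _TS_FORMAT)  # raises ValueError if malformed
    return value


def build_argv(rule: Optional[str] = None, start: Optional[str] = None,
               end: Optional[str] = None, silence: Optional[str] = None,
               patience: Optional[str] = None, debug: bool = False,
               verbose: bool = False, config: str = "config.yaml") -> List[str]:
    """Assemble an elastalert command line, enforcing the flag rules above."""
    if debug and verbose:
        raise ValueError("--debug and --verbose are not compatible")
    if silence is not None and rule is None:
        raise ValueError("--silence must be used with --rule")
    argv = ["elastalert", "--config", config]
    if rule is not None:
        argv += ["--rule", rule]           # filename inside the rules folder
    if debug:
        argv.append("--debug")             # replay: print instead of alerting
    if verbose:
        argv.append("--verbose")
    if silence is not None:
        parse_units(silence)               # validate the format before passing it on
        argv += ["--silence", silence]
    if patience is not None:
        parse_units(patience)
        argv += ["--patience", patience]
    if start is not None:
        argv += ["--start", check_timestamp(start)]
    if end is not None:
        argv += ["--end", check_timestamp(end)]
    return argv
```

Pass the returned list to `subprocess.run` to replay `example_rule.yaml` against the chosen window without sending alerts.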
December 2022 | elastalert 0.2.4-3