Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is it possible to dynamically set fields within a rule based on the output of the ELK query? #3305

Open
ericlee123 opened this issue Oct 17, 2024 · 0 comments
Open

Is it possible to dynamically set fields within a rule based on the output of the ELK query? #3305

ericlee123 opened this issue Oct 17, 2024 · 0 comments

Comments

@ericlee123
Copy link

I currently have an alert that runs an ELK query, and then alerts team A if the number of events exceeds a threshold. This query spans across multiple databases, which belong to other teams, like team B/C/D... However, I would like to know if it is possible to configure a single Elastalert rule to dynamically route an alert to a respective team based on the output of ELK query.

For example, if the alert fires for a given database abcde, I would like to route that directly to team ABCDE (using Opsgenie, so that would look like dynamically setting the value for alert.opsgenie.opsgenie_tags).

Is this possible?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericlee123