elastalert error

[ramprasadavirineni]

Hello all,
I've been installed elastalert on elk7.11, I configured config and rules files, but alert are not getting on mails..
please anyone have idea on help me out....
1 rules loaded
INFO:elastalert:Starting up
INFO:elastalert:Disabled rules are: []
INFO:elastalert:Sleeping for 59.999878 seconds
INFO:elastalert:Queried rule Hello Test mail from ELK Stack please ignore from 2021-05-07 07:41 EDT to 2021-05-07 07:56 EDT: 0 / 0 hits
INFO:elastalert:Ran Hello Test mail from ELK Stack please ignore from 2021-05-07 07:41 EDT to 2021-05-07 07:56 EDT: 0 query hits (0 already seen), 0 matches, 0 alerts sent
INFO:elastalert:Background configuration change check run at 2021-05-07 07:57 EDT
INFO:elastalert:Background alerts thread 0 pending alerts sent at 2021-05-07 07:57 EDT

My config.yml:
cat config.yaml|grep -v "^#"
rules_folder: example_rules

run_every:
minutes: 1

buffer_time:
minutes: 15

es_host: 192.168.0.1

es_port: 9200

writeback_index: elastalert_status
writeback_alias: elastalert_alerts

alert_time_limit:
days: 0
smtp_port: 25
smtp_host: 'xxx.com'

name: Hello Test mail from ELK Stack please ignore

type: frequency

index: filebeat-*

num_events: 3

timeframe:
hours: 1

filter:

query:
query_string:
query: "message: authentication failure OR failure password"
timestamp_field: "@timestamp"
#- term:
process_name: "DefaultQuartzScheduler6"

alert:

"email"

email:

"[email protected]"

[jertel]

If it's not getting any hits/matches then it could be due to your query being improperly quoted. I suggest double checking that in Kibana to make sure it's returning what you expect.

[ramprasadavirineni]

Hi Sano, At kibana end what I need to check to receive, could you please share any proper link to this issue it may helpful for me, And I could see yours comments on blog for elastalert, please suggest on this... [image: image.png] Thank You, Ramprasad

…

On Fri, May 7, 2021 at 10:09 PM Jason Ertel ***@***.***> wrote: If it's not getting any hits/matches then it could be due to your query being improperly quoted. I suggest double checking that in Kibana to make sure it's returning what you expect. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#135 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKCH7LGU37ATCEDIW2IWIQTTMQJT5ANCNFSM44KHUV7Q> .

[ramprasadavirineni]

Yes, I couldn't see any connection error from the mail server, as I am able to receive mails from the root path.(system generate mail) Thanks, Ramprasad

…

On Fri, May 7, 2021 at 8:27 PM Naoyuki Sano ***@***.***> wrote: Does that mean there is no connection error to the mail server? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#135 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKCH7LCVVL2IODUIQ5JASN3TMP5XDANCNFSM44KHUV7Q> .

[nsano-rururu]

At kibana end what I need to check to receive, could you please share any
proper link to this issue it may helpful for me,
And I could see yours comments on blog for elastalert, please suggest on
this...

I don't know where the elastalert blog is.