is not valid under any of the given schemas

[zshhh666666]

Please look at the following questions for me!!tks!!!

Here is my rules file!

index: "alerttest*"

type: "Frequency"

name: "a"

is_enabled: true
num_events: 2
realert:
  minutes: 5
terms_size: 50
timeframe:
  minutes: 5

filter:
  - query_string:
      query: "@timestamp:*"

alert:
  - "email"
email:
  - "[email protected]"
  - "[email protected]"
smtp_host: smtp.qq.com
smtp_port: 465
smtp_auth_file: /opt/elastalert/rules/smtpfile/email_auth.yaml

Here are my startup commands!
docker run --net=elastic --name elastalert --restart=always
-v /opt/elk8.12.0/elastalert/alerttest/elastalert.yaml:/opt/elastalert/config.yaml
-v /opt/elk8.12.0/elastalert/alerttest/rules:/opt/elastalert/rules
-v /opt/elk8.12.0/elastalert/alerttest/certs:/opt/elastalert/certs
harbor.yusur.tech/tools/elastalert2:2.18.0 --verbose

By the way,The type field of rules doesn't work if I use "frequency", so I use "Frequency".

[jertel]

It must be frequency.

[zshhh666666]

I use "frequency" like this

[jertel]

Check all your rule files in alerttest/rules and verify that they all have type: field provided and there is no hidden character in the file interfering.

Also, you are using a custom built or tagged Docker image. I can only help people that use the officially released ElastAlert 2 image.

[zshhh666666]

thanks for your reply! I just pulled the official mirror onto the Intranet to speed things up. I am sure that I have carefully checked all the fields, and I really hope to get your help, thank you very much!

…

-----------------rules.yaml----------------- index: "alerttest*" type: "frequency" name: "a" is_enabled: true num_events: 2 realert:   minutes: 5 terms_size: 50 timeframe:   minutes: 5 filter:   - query_string:       query: ***@***.***:*" alert:   - "email" email:   - ***@***.***"   - ***@***.***" smtp_host: smtp.qq.com smtp_port: 465 smtp_auth_file: /opt/elastalert/rules/smtpfile/email_auth.yaml

-----------------rules.yaml-----------------

------------------ 原始邮件 ------------------ 发件人: "jertel/elastalert2" ***@***.***>; 发送时间: 2024年6月21日(星期五) 下午5:56 ***@***.***>; ***@***.******@***.***>; 主题: Re: [jertel/elastalert2] is not valid under any of the given schemas (Discussion #1474) Check all your rule files in alerttest/rules and verify that they all have type: field provided and there is no hidden character in the file interfering. Also, you are using a custom built or tagged Docker image. I can only help people that use the officially released ElastAlert 2 image. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: ***@***.***>

[jertel]

I suggest starting fresh, with a new rules directory containing only the provided examples/rules/example_frequency.yaml rule provided with ElastAlert 2. Confirm that works first before attempting to customize it.