Flatline rule has stopped working #1534
-
|
I had a configured flatline rule running, and never changed the rule but it stopped picking matches, it is not disabled, it is in the correct folder. it is running as according to the verbose posted to the cmdline. part of my config: ` ` |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
First verify your cluster health is all green. Then verify the data is still being ingested and indexed correctly. |
Beta Was this translation helpful? Give feedback.
-
|
everything was good, except for using use_terms_query, I had realized a while ago that for some reason using that with flatline does not work. |
Beta Was this translation helpful? Give feedback.
First verify your cluster health is all green. Then verify the data is still being ingested and indexed correctly.
If those are both good, enable debug logging in ElastAlert 2 to review the query and response to/from the Elastic (or OpenSearch) server. That will tell you 1) if the request is being made, and 2) if there were any results.