Elastalert is used for alerting on unknown scenario in our production environment based on predefined rules of different types of alerts in the rules config file.
Add a new rules file in the rules directory. More information about different types of rules here. Once elastalert detects changes in any file, it reloads the applications.
e.g. docker build -t elastalert:1.0 .
When running elastalert for the very first time, elastalert-create-index script needs to be executed once to create the indexes required for elastalert to maintain inforamtion about rules/alerts.
docker run -v /<rules-and-config-dir-on-source>:/<mount-dir-on-container> -i elastalert:1.0 <arguments for elastalert>
e.g. docker run -v /home/elastalert-code:/app/elastalert -i elastalert:1.0 --config config/config.yaml --rule rules/example-test.yaml --verbose