elastalert 发送多个电子邮件警报，而不是发送聚合电子邮件

Question

ElastAlert 不是发送一个警报，而是为每个映射的文档发送电子邮件。下面是我的规则文件。它有效，但我希望在一封电子邮件中发出警报。请帮助任何建议将不胜感激。

skynet.yaml: |-
    ---
    name: skynet
    type: frequency
    limit_execution: "0/10 * * * *"
    index: wpng-httpd-perf-*
    num_events: 1
    top_count_keys: ["Host_Id", "Host_Group"]
    timeframe:
      minutes: 15   
    filter:
    - query:
        query_string:
            query: "Host_Group.keyword:ZOOKEEPER_ZK1_QA"
    alert:
    - "email"
    email_format: html
    aggregation:
      minutes: 15
    aggregation_key: 'Host_Id'
    email:
    - "johndoe@skynet.com"          
    from_addr: "sam@skynet.com"
    alert_subject: "PLOT1 at {0}."
    alert_subject_args:
    - "@timestamp"
    alert_text: "Hi Team,<br><br/> {0} ERROR event(s) detected in last 15 minutes <br/><br>Hosts where errors are detected :</br> Host_Id is {1} <br></br><br></br> <br>Here are a few of those :</br><br> messages {2} </br><br> </br><br/><br>bye.</br><br></br><br>Thanks <br></br> "
    alert_text_type: alert_text_only
    alert_text_args:
    - num_matches
    - Host_Id
    - message
    - top_count_keys

Answer 1

以下代码对我有用。

 PLOTTHREE.yaml: |-
---
name: PLOTTHREE
type: frequency
limit_execution: "0/15 * * * *"
index: home-*
num_events: 1
aggregation:
  minutes: 10
include:
  - Host_Group
  - Host_Id
timeframe:
  minutes: 15   
filter:
- query:
    query_string:
        query: "Host_Group.keyword:fatal"
alert:
- "email"
email:
- "john@doe.com"          
from_addr: "yyy@doe.com"
alert_subject: "PLOTTHREE - ERROR detected in Kafka Zookeeper logs of host group fatal at {0}."
alert_subject_args:
- "@timestamp"
alert_text: "Hello Team, ERROR event(s) detected in last 15 minutes. Hosts where errors are detected in {0}. Here is the num events {1} . "
alert_text_type: alert_text_only
alert_text_args:
- Host_Id
- num_matches