-
Is there a way to prevent alerts when re-indexing? I have had to do some re-indexing to correct some mapping, and have been getting false-positive alerts when I do so. I have been using a custom timestamp_field to try to avoid issues like this.

Example alert:

name: example

So for example I might reindex "test_data" and its example_timestamp has a value of 2001-01-01. I wouldn't want alerts for something like that, where that timestamp field is much older than a week.
-
Is it alerting on old-indexed data? Or is this concern primarily on recent data (within 7 days) that has been re-indexed?
-
Sorry for the lack of clarity! It's alerting on old data that I have re-indexed within the last 7 days. For example I had an index that was 2 years old, that gave me new alerts when I reindexed it.
-
It did! The timestamp_field used is automatically filled by an ingest pipeline. I have override disabled, but I also was editing that pipeline at the time. Entirely possible I might have not had it disabled at the time! I'll try to replicate it, and if it's updating, then that's an Elasticsearch problem, not Elastalert :)
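
The behaviour discussed in this thread, as an added example that is not part of the original discussion and is not Elasticsearch or ElastAlert code: a simplified Python model of an ingest `set` processor and of a rule's time-range filter on its timestamp_field. The function names, the 7-day window and the sample document are assumptions built from the values mentioned in the thread.

```python
from datetime import datetime, timedelta, timezone

def set_processor(doc, field, value, override):
    """Model of an ingest `set` processor: with override=False an existing
    non-null field is left untouched; with override=True it is overwritten."""
    out = dict(doc)
    if override or out.get(field) is None:
        out[field] = value
    return out

def reindex(docs, field, ingest_time, override):
    """Model of re-indexing: every document passes through the pipeline again."""
    return [set_processor(d, field, ingest_time, override) for d in docs]

def in_alert_window(docs, field, now, window):
    """Model of the rule's range filter on timestamp_field: only documents
    whose timestamp falls inside [now - window, now] can produce an alert."""
    return [d for d in docs if now - window <= d[field] <= now]

# Constructed sample data: one old document, as in the original question.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
WEEK = timedelta(days=7)  # assumed rule window
OLD_DOCS = [{"name": "test_data",
             "example_timestamp": datetime(2001, 1, 1, tzinfo=timezone.utc)}]

def matches_after_reindex(override):
    """Re-index the old documents one hour before NOW, then apply the filter."""
    docs = reindex(OLD_DOCS, "example_timestamp", NOW - timedelta(hours=1), override)
    return in_alert_window(docs, "example_timestamp", NOW, WEEK)

if __name__ == "__main__":
    # override disabled: the 2001 timestamp survives, nothing enters the window
    print("override=False ->", [d["name"] for d in matches_after_reindex(False)])
    # override enabled: the document is re-stamped and looks one hour old
    print("override=True  ->", [d["name"] for d in matches_after_reindex(True)])
```

To confirm which case applies on a real cluster, compare the timestamp field of one document before and after the reindex.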