diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d9a0d3d..11f791b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ - [Docs] Mention the two available Spike-rule metrics that are add into the match record - [#1542](https://github.com/jertel/elastalert2/pull/1542) - @ulmako - [OpsGenie] Corrected spelling of the `opsgenie_default_receipients` configuration option to `opsgenie_default_recipients`. Both variations will continue to work and a warning message will notify affected users. [#1539](https://github.com/jertel/elastalert2/pull/1539) - @lstyles - [OpsGenie] Prevent templated `opsgenie_teams` and `opsgenie_recipients` from being overwritten with evaluated values first time an alert is sent. [#1540](https://github.com/jertel/elastalert2/issues/1540) [#1539](https://github.com/jertel/elastalert2/pull/1539) - @lstyles +- [OpsGenie] Updated configuration schema with missing OpsGenie alerter properties. [#1543](https://github.com/jertel/elastalert2/pull/1543) - @lstyles +- [Docs] Add missing documentation of the timestamp_field option - [#1544](https://github.com/jertel/elastalert2/pull/1544) - @apollolv # 2.20.0 diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst index 8b57fe1e..890fe82c 100644 --- a/docs/source/ruletypes.rst +++ b/docs/source/ruletypes.rst @@ -142,6 +142,8 @@ Rule Configuration Cheat Sheet +--------------------------------------------------------------+ + | ``buffer_time`` (time, default from config.yaml) | | +--------------------------------------------------------------+ | +| ``timestamp_field`` (string, default "@timestamp") | | ++--------------------------------------------------------------+ | | ``timestamp_type`` (string, default iso) | | +--------------------------------------------------------------+ | | ``timestamp_format`` (string, default "%Y-%m-%dT%H:%M:%SZ") | | 
@@ -971,6 +973,14 @@ summary_suffix ``summary_suffix``: Specify a suffix string, which will be added after the aggregation summary table. This string is currently not subject to any formatting. +timestamp_field +^^^^^^^^^^^^^^^ + +``timestamp_field``: Specify the name of the document field containing the timestamp. +By default, the field ``@timestamp`` is used to query Elasticsearch. +If ``timestamp_field`` is set, this date field will be considered whenever querying, filtering and aggregating based on timestamps. +(Optional, string, default @timestamp). + timestamp_type ^^^^^^^^^^^^^^ diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml index d2ea4d91..c9fff6c9 100644 --- a/elastalert/schema.yaml +++ b/elastalert/schema.yaml @@ -101,6 +101,14 @@ definitions: arrayOfIrisIocFields: &arrayOfIrisIocFields type: array items: *irisIocField + + opsGenieArgs: &opsGenieArgs + type: object + additionalProperties: false + minProperties: 0 + patternProperties: + "^.+$": + type: string required: [type, index, alert] type: object @@ -723,17 +731,12 @@ properties: ms_power_automate_teams_card_width_full: {type: boolean} ### Opsgenie - opsgenie_key: {type: string} opsgenie_account: {type: string} opsgenie_addr: {type: string} - opsgenie_description: {type:string} - opsgenie_message: {type: string} opsgenie_alias: {type: string} - opsgenie_subject: {type: string} - opsgenie_priority: {type: string} - opsgenie_proxy: {type: string} - opsgenie_source: {type: string} - opsgenie_entity: {type: string} + opsgenie_default_recipients: *arrayOfString + opsgenie_default_teams: *arrayOfString + opsgenie_description: {type:string} opsgenie_details: type: object minProperties: 1 
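Review bot: In the new `opsGenieArgs` definition, `minProperties: 0` has no effect because zero is already the JSON Schema default, and pairing `additionalProperties: false` with the catch-all pattern `"^.+$"` leaves little for it to reject beyond an empty key. I would drop the `minProperties` line and describe the object in a comment above the anchor, for example `# opsgenie_*_args: object whose values must all be strings`. What the keys and values stand for is not visible in this hunk, so that wording should be confirmed against the alerter. The `definitions:` mapping starts before this hunk.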
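Review bot: The re-added line `opsgenie_description: {type:string}` carries over a missing space after the colon, so inside the flow mapping a YAML parser sees the single key `type:string` with no value rather than `type: string`. The property then has no type constraint, or fails to load on stricter parsers. Since the line is being moved anyway it should read `opsgenie_description: {type: string}`. Separately, the changelog entry on this page says the old `opsgenie_default_receipients` spelling keeps working, but only `opsgenie_default_recipients` is declared here; whether the legacy key still validates depends on parts of the schema outside this hunk, so it may deserve its own entry. The `properties:` mapping begins above the hunk and `opsgenie_details` continues below it.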
@@ -746,6 +749,20 @@ properties: required: [field] properties: field: {type: string, minLength: 1} + opsgenie_entity: {type: string} + opsgenie_key: {type: string} + opsgenie_message: {type: string} + opsgenie_priority: {type: string} + opsgenie_proxy: {type: string} + opsgenie_recipients_args: *opsGenieArgs + opsgenie_recipients: *arrayOfString + opsgenie_source: {type: string} + opsgenie_subject: {type: string} + opsgenie_subject_args: *arrayOfString + opsgenie_tags: *arrayOfString + opsgenie_teams_args: *opsGenieArgs + opsgenie_teams: *arrayOfString + ### PagerDuty pagerduty_service_key: {type: string}