From 57271cddd31f46e667e2cfc38d3b950c21c10f20 Mon Sep 17 00:00:00 2001
From: "LUCAS-PC\\lucas"
Date: Fri, 27 Sep 2024 00:32:29 +0100
Subject: [PATCH 1/6] schema update
---
elastalert/schema.yaml | 42 ++++++++++++++++++++++++++++++++++--------
1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml
index 59d83297..99e4d100 100644
--- a/elastalert/schema.yaml
+++ b/elastalert/schema.yaml
@@ -96,6 +96,14 @@ definitions:
arrayOfIrisIocFields: &arrayOfIrisIocFields
type: array
items: *irisIocField
+
+ opsGenieArgs: &opsGenieArgs
+ type: object
+ additionalProperties: false
+ minProperties: 0
+ patternProperties:
+ "^.+$":
+ type: string
required: [type, index, alert]
type: object
@@ -714,17 +722,12 @@ properties:
ms_power_automate_teams_card_width_full: {type: boolean}
### Opsgenie
- opsgenie_key: {type: string}
opsgenie_account: {type: string}
opsgenie_addr: {type: string}
- opsgenie_description: {type:string}
- opsgenie_message: {type: string}
opsgenie_alias: {type: string}
- opsgenie_subject: {type: string}
- opsgenie_priority: {type: string}
- opsgenie_proxy: {type: string}
- opsgenie_source: {type: string}
- opsgenie_entity: {type: string}
+ opsgenie_default_recipients: *arrayOfString
+ opsgenie_default_teams: *arrayOfString
+ opsgenie_description: {type:string}
opsgenie_details:
type: object
minProperties: 1
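Review bot: `minProperties: 0` on the new `opsGenieArgs` definition is the keyword's default and constrains nothing, so the line is dead weight in the first hunk. Either drop it, or, if an empty map of template arguments is not a meaningful configuration, use `minProperties: 1` as `opsgenie_details` does in this patch's second hunk. The `definitions:` mapping that holds the anchor starts outside the hunk.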
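Review bot: The re-added `opsgenie_description: {type:string}` in the second hunk is missing the space after the colon, and inside a YAML flow mapping `type:string` is a single plain scalar, so PyYAML parses the line as the key `type:string` with a null value rather than as `type: string`; a jsonschema validator ignores unknown keywords, which leaves `opsgenie_description` effectively unconstrained. The line is carried over from the removed block unchanged, so the commit moves the defect instead of fixing it. Change it to `opsgenie_description: {type: string}` to match the neighbouring entries. The enclosing `properties:` mapping starts and ends outside the hunk.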
@@ -737,6 +740,29 @@ properties:
required: [field]
properties:
field: {type: string, minLength: 1}
+ opsgenie_entity: {type: string}
+ opsgenie_key: {type: string}
+ opsgenie_message: {type: string}
+ opsgenie_priority: {type: string}
+ opsgenie_proxy: {type: string}
+ opsgenie_recipients_args:
+ oneOf:
+ - *arrayOfString
+ - *opsGenieArgs
+ opsgenie_recipients: *arrayOfString
+ opsgenie_source: {type: string}
+ opsgenie_subject: {type: string}
+ opsgenie_subject_args:
+ oneOf:
+ - *arrayOfString
+ - *opsGenieArgs
+ opsgenie_tags: *arrayOfString
+ opsgenie_teams_args:
+ oneOf:
+ - *arrayOfString
+ - *opsGenieArgs
+ opsgenie_teams: *arrayOfString
+
### PagerDuty
pagerduty_service_key: {type: string}
From c4cba0cd6c657afd2068d9603523ee8734852fcd Mon Sep 17 00:00:00 2001
From: Jan Drees
Date: Fri, 27 Sep 2024 09:48:38 +0200
Subject: [PATCH 2/6] Add timestamp_field to the documentation
---
docs/source/ruletypes.rst | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
index 8b57fe1e..60bc8a32 100644
--- a/docs/source/ruletypes.rst
+++ b/docs/source/ruletypes.rst
@@ -142,6 +142,8 @@ Rule Configuration Cheat Sheet
+--------------------------------------------------------------+ +
| ``buffer_time`` (time, default from config.yaml) | |
+--------------------------------------------------------------+ |
+| ``timestamp_field`` (string, default "@timestamp") | |
++--------------------------------------------------------------+ |
| ``timestamp_type`` (string, default iso) | |
+--------------------------------------------------------------+ |
| ``timestamp_format`` (string, default "%Y-%m-%dT%H:%M:%SZ") | |
@@ -971,6 +973,14 @@ summary_suffix
``summary_suffix``: Specify a suffix string, which will be added after the aggregation summary table. This string is currently not subject to any formatting.
+timestamp_field
+^^^^^^^^^^^^^^
+
+``timestamp_field``: Specify the name of the document field containing the timestamp.
+By default, the field ``@timestamp`` is used to query Elasticsearch.
+If ``timestamp_field`` is set, this date field will be considered whenever querying, filtering and aggregating based on timestamps.
+(Optional, string, default @timestamp).
+
timestamp_type
^^^^^^^^^^^^^^
From 5ba2087795985add93831c0bbd7a05c377746667 Mon Sep 17 00:00:00 2001
From: Jan Drees
Date: Fri, 27 Sep 2024 11:58:41 +0200
Subject: [PATCH 3/6] Add doc change to CHANGELOG.md
---
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 061559e0..82a03798 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ ## Other changes
- [Docs] Mention the two available Spike-rule metrics that are add into the match record - [#1542](https://github.com/jertel/elastalert2/pull/1542) - @ulmako
+- [Docs] Add missing documentation of the timestamp_field option - [#1544](https://github.com/jertel/elastalert2/pull/1544) - @apollolv
# 2.20.0
From bd1689a7078c5fb0b6c5f16cf22be3e55144687e Mon Sep 17 00:00:00 2001
From: Jan Drees
Date: Fri, 27 Sep 2024 12:10:58 +0200
Subject: [PATCH 4/6] Add a missing ^ in the docs
---
docs/source/ruletypes.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
index 60bc8a32..890fe82c 100644
--- a/docs/source/ruletypes.rst
+++ b/docs/source/ruletypes.rst
@@ -974,7 +974,7 @@ summary_suffix
``summary_suffix``: Specify a suffix string, which will be added after the aggregation summary table. This string is currently not subject to any formatting.
timestamp_field
-^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^
``timestamp_field``: Specify the name of the document field containing the timestamp.
By default, the field ``@timestamp`` is used to query Elasticsearch.
From ef0a3eea3c29b4a3b3e0869503b5cd8008d7a52a Mon Sep 17 00:00:00 2001
From: "LUCAS-PC\\lucas"
Date: Fri, 27 Sep 2024 11:55:50 +0100
Subject: [PATCH 5/6] schema updates
---
elastalert/schema.yaml | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml
index 99e4d100..9cfc9d18 100644
--- a/elastalert/schema.yaml
+++ b/elastalert/schema.yaml
@@ -745,22 +745,13 @@ properties:
opsgenie_message: {type: string}
opsgenie_priority: {type: string}
opsgenie_proxy: {type: string}
- opsgenie_recipients_args:
- oneOf:
- - *arrayOfString
- - *opsGenieArgs
+ opsgenie_recipients_args: *opsGenieArgs
opsgenie_recipients: *arrayOfString
opsgenie_source: {type: string}
opsgenie_subject: {type: string}
- opsgenie_subject_args:
- oneOf:
- - *arrayOfString
- - *opsGenieArgs
+ opsgenie_subject_args: *arrayOfString
opsgenie_tags: *arrayOfString
- opsgenie_teams_args:
- oneOf:
- - *arrayOfString
- - *opsGenieArgs
+ opsgenie_teams_args: *opsGenieArgs
opsgenie_teams: *arrayOfString
From 235cb6d8733e290abdac8da26a67bc5afa0f18f5 Mon Sep 17 00:00:00 2001
From: "LUCAS-PC\\lucas"
Date: Fri, 27 Sep 2024 11:57:10 +0100
Subject: [PATCH 6/6] updated changelog
---
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index df5b49e4..87c02c75 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
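Review bot: After the schema.yaml hunk in patch 5 the three `*_args` options have two different shapes with nothing in the schema saying why: `opsgenie_recipients_args` and `opsgenie_teams_args` are a string-to-string object via `*opsGenieArgs`, while `opsgenie_subject_args` is a string list. A one-line comment above `opsgenie_recipients_args`, for example `# recipients/teams args: {placeholder: field} map; subject_args: positional field list`, would save the next reader a trip to the alerter; I am inferring the templating roles from the option names, so check the wording against how the alerter actually consumes them. The enclosing `properties:` mapping starts and ends outside the hunk.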
@@ -10,6 +10,7 @@
- [Docs] Mention the two available Spike-rule metrics that are add into the match record - [#1542](https://github.com/jertel/elastalert2/pull/1542) - @ulmako
- [OpsGenie] Corrected spelling of the `opsgenie_default_receipients` configuration option to `opsgenie_default_recipients`. Both variations will continue to work and a warning message will notify affected users. [#1539](https://github.com/jertel/elastalert2/pull/1539) - @lstyles
- [OpsGenie] Prevent templated `opsgenie_teams` and `opsgenie_recipients` from being overwritten with evaluated values first time an alert is sent. [#1540](https://github.com/jertel/elastalert2/issues/1540) [#1539](https://github.com/jertel/elastalert2/pull/1539) - @lstyles
+- Updated configuration schema with missing OpsGenie alerter properties. [#1543](https://github.com/jertel/elastalert2/pull/1543) - @lstyles
# 2.20.0