custom fields in elastalert index created in elasticsearch
ElastAlert updates metadata related to the rules in the elastalert_status index in the elasticsearch. The fields available in that index have fields like:
alert_info
alert_time
endtime
exponent
hits
matches
message
rule_type
traceback
until
additionally some fields that store the match_body. but for each sub-fields kibana shows 
All these fields seem to have originated from the query_key but as there is not mapped field for them they are inaccessible in the kibana visualization
(the error: no catched mapping for these fields. Refresh fields' list from the management > Index Patterns page),
refreshing which doesn't help.
I have tried adding fields that i require with include directive (in the rule file), but no success.
Does anybody have any solution for getting specific fields in the elastalert_status index? that can be used in visualization.
Haven't tried but giving logstash as output for elastalert will help adding the fields on basis of the content of message but not sure if it may word. anyways it's not best possible solution.
version of ELK stack 5.1.2
changing the code in create_index.py with 'match_body' : {'enabled': False to True.... creates the respective mapping in the elasticsearch elastalert_status index.
- How to configure Elastic.Serilog.Sinks 8.11 in ASP.NET Core 8 web app?
- Elasticsearch store field vs _source
- OpenSearch python client authentication error
- How to check Elasticsearch cluster health?
- Elasticsearch curl request not working as expected in Angular 4
- oauth2_proxy for basic auth login
- How to implement CompositeAggregationSource with springboot 3.2.10 and elasticsearch 8.12.1
- Elasticsearch: Failed to connect to localhost port 9200 - Connection refused
- Running Elasticsearch and OpenSearch on Docker-compose
- low disk watermark [??%] exceeded on
- elasticsearch python: ConnectTimeoutError
- Unable to start Elastic Search 8 and Kibana using Docker
- How do i use shell variables in .sh file for a elasticsearch curl POST
- Stopwords do not work in Ukrainian [Elasticsearch]
- How to view the different values in a geopoint to a Data table in Kibana Elasticsearch Maps
- Not able to start elastic search service
- Can I filter an array in elastic?
- Pyspark Streaming data to Elastic search index from Kafka topic , running in Jupyter notebook, causing failure
- How to move shards around in a cluster
- OData services with Elastic search
- How to query elasticsearch from spring with LocalDate
- Elasticsearch query to get values of multiple attributes
- I want to sort my elastic search aggregation data with most recent login for each user by there name
- bucket_script inside filter aggregation throws error
- Elasticsearch delete_by_query version conflict
- Case insensitive exact match in ElasticSearch
- How do I enable remote access/request in Elasticsearch 2.0?
- Fluent-bit - Splitting json log into structured fields in Elasticsearch
- Elasticsearch Devtools Queries (Regexp/Wildcard) - Not Working
- Elastic Search Analyzer at search time not working