I am trying to set up alert configuration using elastalert. In the file example_frequency.yaml I am stuck in the filter section, where if I try this
filter:
- match:
    message: "Could not connect to mongoDB"
In that case it alerts me on matching every single word, so I am getting alerts which I don't want. I also tried query-filter but didn't get the solution. Is there any misconfiguration I am doing?
Try using keyword fields instead to filter out exact matches:
filter:
- match:
    message.keyword: "Could not connect to mongoDB"
Alternate filter:
filter:
- query:
    query_string:
      query: 'message.keyword: "Could not connect to mongoDB"'
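To see why the original filter fires too often and the keyword version does not, here is an added offline simulation (not code from the question, the answer, or elastalert itself). It approximates Elasticsearch's standard analyzer and the default OR operator of `match` on a `text` field, against a few constructed log lines; the field and analyzer behaviour are assumptions that mirror the default dynamic mapping, not the asker's actual index.

```python
import re

# Constructed sample events, standing in for documents in the asker's index.
SAMPLE_LOGS = [
    "Could not connect to mongoDB",
    "Could not open config file",
    "Connection to mongoDB established",
    "User login succeeded",
]

QUERY = "Could not connect to mongoDB"


def analyze(text):
    """Rough stand-in for the standard analyzer: lowercase, split on non-word characters."""
    return [tok for tok in re.split(r"\W+", text.lower()) if tok]


def match_text_field(doc, query):
    """`match` on an analyzed text field (default operator OR):
    the document matches if it shares at least one token with the query."""
    return bool(set(analyze(doc)) & set(analyze(query)))


def match_keyword_field(doc, query):
    """`match` on the .keyword sub-field: the value is indexed verbatim,
    so only a byte-for-byte identical string matches."""
    return doc == query


def hits(filter_fn, query, logs=SAMPLE_LOGS):
    """Return the sample lines the given filter would alert on."""
    return [line for line in logs if filter_fn(line, query)]


if __name__ == "__main__":
    # The text-field match also fires on "Could not open config file" (shares could/not)
    # and on "Connection to mongoDB established" (shares to/mongodb).
    print("match on message        :", hits(match_text_field, QUERY))
    # The keyword match fires only on the exact line the rule was written for.
    print("match on message.keyword:", hits(match_keyword_field, QUERY))
```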