elastalert - Easy & Flexible Alerting With ElasticSearch

ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. ElastAlert works with all versions of Elasticsearch. If you have data being written into Elasticsearch in near real time and want to be alerted when that data matches certain patterns, ElastAlert is the tool for you. If you can see it in Kibana, ElastAlert can alert on it.

Related Projects

Search Guard - Rock solid Elasticsearch security on all levels

Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

ReadonlyREST - The first Open Source Security plugin for Elasticsearch

Expose the high-performance HTTP server embedded in Elasticsearch directly to the public, safely blocking any attempt to delete or modify your data. It provides support for HTTPS, authentication and authorization, access control lists, rule-based access and a lot more. Unlike a full security suite, this plugin is just a lightweight pure-Java filtering layer; even the SSL layer is provided as an extra Netty transport handler.

elasticsearch-gui - An angularJS client for elasticsearch as a plugin

Welcome to the GUI plugin for elasticsearch. Using this plugin you can explore your elasticsearch index. This plugin gives you a few different ways to start exploring. There is a way to search the repository the way you would on a web site: you can enter keywords, do an advanced search, and use facets. Another way to explore the index is focused on learning the structure of the query that is actually executed. You can enter a number of items to include in the query: fields, facets, highlighting, and limits on the indexes and types. Finally, there is a way to show some of the data in a graph. Since we mainly use JavaScript, it is possible to connect to a remote elasticsearch instance. To facilitate this, elasticsearch returns a specific HTTP header.

Bigdesk - Live charts and statistics for Elasticsearch cluster.

Bigdesk helps to generate live charts and statistics for an Elasticsearch cluster. It is very easy to see how your Elasticsearch cluster is doing. It pulls data from the Elasticsearch REST API and turns it into charts.

elasticsearch-learning-to-rank - Plugin to integrate Learning to Rank (aka machine learning for better relevance) with Elasticsearch

Rank Elasticsearch results using tree-based (LambdaMART, Random Forest, MART) and linear models. Models are trained using the scores of Elasticsearch queries as features. You train offline using tooling such as xgboost or ranklib. You then POST your model to Elasticsearch in a specific text format (the custom "ranklib" language, documented here). You apply a model using this plugin's ltr query. See the blog post and the full demo (training and searching). Models are stored using an Elasticsearch script plugin. Tree-based models can be large, so we recommend increasing the script.max_size_in_bytes setting. Don't worry: just because tree-based models are verbose doesn't necessarily imply they'll be slow.

kopf - Web admin interface for elasticsearch

kopf is a simple web administration tool for elasticsearch written in JavaScript + AngularJS + jQuery + Twitter Bootstrap. It offers an easy way of performing common tasks on an elasticsearch cluster. Not every single API is covered by this plugin, but it does offer a REST client which allows you to explore the full potential of the ElasticSearch API.

elasticsearch-mapper-attachments - Mapper Attachments Type plugin for Elasticsearch

If you have a question about the plugin, please use discuss.elastic.co. If you want to report a bug, please use the elasticsearch repository. The mapper attachments plugin lets Elasticsearch index file attachments in over a thousand formats (such as PPT, XLS, PDF) using the Apache text extraction library Tika.

Inquisitor - Site plugin for ElasticSearch to help understand and debug queries.

Inquisitor is a tool to help understand and debug your queries in ElasticSearch. It supports JSON parsing and formatting, automatic highlighting, formatted search results, analyzer testing, and tokenizer testing.

dejavu - The Missing Web UI for Elasticsearch

dejavu is the missing Web UI for Elasticsearch. Its goal is to build a modern Web UI (no page reloads, infinite scroll, filtered views, realtime updates) with 100% client-side rendering. It is available today as a hosted app, a Chrome extension and a Docker image.

Mirage - An interactive query explorer for Elasticsearch

Mirage is a modern, open-source, web-based query explorer for Elasticsearch. It offers a blocks-based GUI for composing Elasticsearch queries and comes with an on-the-fly transformer to show the corresponding JSON query for Elasticsearch's query API.

Jest - ElasticSearch Java Rest Client

Jest is a Java HTTP REST client for ElasticSearch. ElasticSearch already has a Java API, which is also used by ElasticSearch internally, but Jest fills a gap: it is the missing client for ElasticSearch's HTTP REST interface.

elasticsearch-dsl-py - High level Python client for Elasticsearch

Elasticsearch DSL is a high-level library whose aim is to help with writing and running queries against Elasticsearch. It is built on top of the official low-level client (elasticsearch-py). It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure. It exposes the whole range of the DSL from Python, either directly using defined classes or via queryset-like expressions.

elasticsearch-py - Official Python low-level client for Elasticsearch.

Official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a higher-level client library with a more limited scope, have a look at elasticsearch-dsl, a more pythonic library sitting on top of elasticsearch-py.

Elastic HQ - Sleek, intuitive, and powerful ElasticSearch Management and Monitoring

ElasticHQ provides a monitoring, management, and querying web interface for ElasticSearch instances and clusters. It supports real-time monitoring of clusters; management of indices, mappings, shards, aliases, and nodes; and full cluster management. It works in your web browser, allowing you to manage and monitor your ElasticSearch clusters from anywhere at any time.

pyes - Python connector for ElasticSearch - the pythonic way to use ElasticSearch

pyes has been a pythonic way to use ElasticSearch since 2010. This version requires elasticsearch 1.x or above. It's a pre-release for pyes 1.x. Have a look at the migrations documentation to upgrade your code for ElasticSearch 1.x.

ElasticSearch Paramedic - Simple tool to monitor ElasticSearch Clusters

Paramedic is a simple yet sexy tool to monitor and inspect ElasticSearch clusters. It displays real-time statistics and information about your nodes and indices, as well as shard allocation within the cluster.

elasticsearch-net - Elasticsearch.Net & NEST

Repository for both NEST and Elasticsearch.Net, the two official elasticsearch .NET clients. Please consult the current upgrading Elasticsearch guidelines to understand what you should consider when upgrading from an older version of Elasticsearch to a newer one.

elastic4s - Elasticsearch Scala Client - Non Blocking, Type Safe, HTTP, TCP

Elastic4s is a concise, idiomatic, reactive, type-safe Scala client for Elasticsearch. The client can be used over both HTTP and TCP by choosing either the elastic4s-http or the elastic4s-tcp submodule. The official Elasticsearch Java client can of course be used in Scala, but due to Java's syntax it is more verbose, and it naturally supports neither the classes in the core Scala library nor Scala idioms. Elastic4s's DSL allows you to construct your requests programmatically, with syntactic and semantic errors manifested at compile time, and uses standard Scala futures to let you easily integrate into an asynchronous workflow. The aim of the DSL is that requests are written in a builder-like way, while staying broadly similar to the Java API or REST API. Each request is an immutable object, so you can create requests and safely reuse them, or further copy them for derived requests. Because each request is strongly typed, your IDE or editor can use the type information to show you what operations are available for any request type.