I'm using elastalert2 to alert users if the requirement is hit within the elasticsearch data. The rule that I've used is the following:
```yaml
name: "Test email alert"
type: "any"
index: "es-test"
query_delay:
  minutes: 60
aggregation:
  minutes: 6
timestamp_field: "timestamp"
filter:
  - term:
      keyword: "ELASTALERT"
alert:
  - "email"
email:
  - "[email protected]"
alert_subject: "Test Email Alert - {0}"
alert_subject_args:
  - "%Y-%m-%d %H:%M:%S"
alert_text:
  '<p>
  This is a test email alert....
  </p>'
alert_text_type: alert_text_only
email_format: html
smtp_host: smtp.gmail.com
smtp_port: 465
smtp_ssl: true
smtp_auth_file: /home/smtp_auth_file.yaml
from_addr: [email protected]
```
The issue is that, since the subject does not have a date, all the emails get cascaded together. I have tried adding a subject_args like in the rule above, but it did not work out.
The output has the subject: "Test Email Alert - "
I needed help to add a date and time to the email.
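
An added example, not part of the original post and not ElastAlert 2's own code: a simplified Python model of the documented `alert_subject_args` behaviour, where each entry is looked up as a field name in the first matching document instead of being read as a date format. The helpers `lookup` and `build_subject` and the sample document are constructed for illustration; the fixed rule assumes the document carries the `timestamp` field named in `timestamp_field`.

```python
# Simplified model of subject formatting, based on the documented behaviour of
# alert_subject / alert_subject_args. Illustrative only, not ElastAlert 2 source.

MISSING = "<MISSING VALUE>"  # documented default of alert_missing_value


def lookup(doc, dotted_key):
    """Resolve a field name such as 'host.name' inside a match document."""
    if dotted_key in doc:
        return doc[dotted_key]
    node = doc
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def build_subject(rule, match):
    """Format alert_subject with field values taken from the first match."""
    values = []
    for arg in rule.get("alert_subject_args", []):
        value = lookup(match, arg)
        if value is None:
            value = rule.get(arg)  # fall back to a top-level rule property
        if value is None:
            value = rule.get("alert_missing_value", MISSING)
        values.append(value)
    return rule["alert_subject"].format(*values)


# Constructed sample document, shaped like a hit from the "es-test" index.
MATCH = {"timestamp": "2024-01-15T09:30:00Z", "keyword": "ELASTALERT"}

# As in the rule above: a strftime pattern, which is treated as a field name.
BROKEN_RULE = {
    "alert_subject": "Test Email Alert - {0}",
    "alert_subject_args": ["%Y-%m-%d %H:%M:%S"],
}

# Referencing the document's timestamp field instead.
FIXED_RULE = {
    "alert_subject": "Test Email Alert - {0}",
    "alert_subject_args": ["timestamp"],
}

if __name__ == "__main__":
    print(build_subject(BROKEN_RULE, MATCH))
    print(build_subject(FIXED_RULE, MATCH))
```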