elastalert sends multiple email alerts instead of sending an aggregated email

Instead of sending one alert, ElastAlert sends an email for each document that matched. Below is my rule file. It works, but I want the alerts in one email. Please help; any suggestion will be appreciated.

skynet.yaml: |-
    ---
    name: skynet
    type: frequency
    limit_execution: "0/10 * * * *"
    index: wpng-httpd-perf-*
    num_events: 1
    top_count_keys: ["Host_Id", "Host_Group"]
    timeframe:
      minutes: 15
    filter:
    - query:
        query_string:
            query: "Host_Group.keyword:ZOOKEEPER_ZK1_QA"
    alert:
    - "email"
    email_format: html
    aggregation:
      minutes: 15
    aggregation_key: 'Host_Id'
    email:
    - "[email protected]"
    from_addr: "[email protected]"
    alert_subject: "PLOT1 at {0}."
    alert_subject_args:
    - "@timestamp"
    alert_text: "Hi Team,<br><br/> {0} ERROR event(s) detected in last 15 minutes <br/><br>Hosts where errors are detected :</br> Host_Id is {1} <br></br><br></br> <br>Here are a few of those :</br><br> messages {2} </br><br> </br><br/><br>bye.</br><br></br><br>Thanks <br></br> "
    alert_text_type: alert_text_only
    alert_text_args:
    - num_matches
    - Host_Id
    - message
    - top_count_keys
BEST ANSWER

The code below worked for me.

PLOTTHREE.yaml: |-
    ---
    name: PLOTTHREE
    type: frequency
    limit_execution: "0/15 * * * *"
    index: home-*
    num_events: 1
    aggregation:
      minutes: 10
    include:
      - Host_Group
      - Host_Id
    timeframe:
      minutes: 15
    filter:
    - query:
        query_string:
            query: "Host_Group.keyword:fatal"
    alert:
    - "email"
    email:
    - "[email protected]"
    from_addr: "[email protected]"
    alert_subject: "PLOTTHREE - ERROR detected in Kafka Zookeeper logs of host group fatal at {0}."
    alert_subject_args:
    - "@timestamp"
    alert_text: "Hello Team, ERROR event(s) detected in last 15 minutes. Hosts where errors are detected in {0}. Here is the num events {1} . "
    alert_text_type: alert_text_only
    alert_text_args:
    - Host_Id
    - num_matches
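The difference between the two rules is the `aggregation_key`: with it, ElastAlert opens a separate aggregation window per distinct `Host_Id`, so a window with three hosts produces three emails, while the accepted answer's rule (aggregation without a key) collects everything into one. The simulation below is an added example, not code from the post or from ElastAlert; the sample documents are constructed, and only the aggregation-related keys of the two rules are reproduced.

```python
from collections import Counter, defaultdict

# Constructed sample matches standing in for documents the question's filter
# (Host_Group.keyword:ZOOKEEPER_ZK1_QA) would return inside one aggregation window.
SAMPLE_MATCHES = [
    {"@timestamp": "2020-01-01T10:00:01Z", "Host_Id": "zk-1", "message": "ERROR a"},
    {"@timestamp": "2020-01-01T10:00:05Z", "Host_Id": "zk-2", "message": "ERROR b"},
    {"@timestamp": "2020-01-01T10:01:00Z", "Host_Id": "zk-1", "message": "ERROR c"},
    {"@timestamp": "2020-01-01T10:02:00Z", "Host_Id": "zk-3", "message": "ERROR d"},
]

# Only the keys that decide how matches are grouped, taken from the two rules above.
QUESTION_RULE = {"aggregation": {"minutes": 15}, "aggregation_key": "Host_Id"}
ANSWER_RULE = {"aggregation": {"minutes": 10}}


def aggregation_buckets(rule, matches):
    """Group the matches of one aggregation window into the alerts ElastAlert would send.

    No `aggregation`: every match is alerted on its own.
    `aggregation` without `aggregation_key`: all matches share one alert.
    `aggregation` with `aggregation_key`: one alert per distinct value of the key field,
    which is why the question's rule sends one email per host.
    """
    if "aggregation" not in rule:
        return [[m] for m in matches]
    key = rule.get("aggregation_key")
    if not key:
        return [list(matches)]
    buckets = defaultdict(list)
    for m in matches:
        # Matches lacking the key field fall into a shared None bucket in this simulation.
        buckets[m.get(key)].append(m)
    return list(buckets.values())


def expected_email_count(rule, matches):
    """Number of emails one aggregation window would produce under `rule`."""
    return len(aggregation_buckets(rule, matches))


def hosts_summary(bucket):
    """Per-host match counts inside one aggregated alert: the list the question's
    alert_text is trying to show, where a bare Host_Id arg only reflects the first match."""
    return dict(Counter(m.get("Host_Id") for m in bucket))
```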