DOKK / manpages / debian 12 / elastalert / elastalert-test-rule.1.en

elastalert-test-rule - elastalert-test-rule

usage: elastalert-test-rule [-h] [--schema-only] [--days DAYS] [--start START]

[--end END] [--stop-error] [--formatted-output]
[--data FILENAME] [--alert] [--save-json FILENAME] [--use-downloaded] [--max-query-size MAX_QUERY_SIZE] [--count-only] [--config CONFIG] rule

Validate a rule configuration

rule configuration filename

show this help message and exit
Show only schema errors; do not run query
Query the previous N days with this rule
YYYY-MM-DDTHH:MM:SS Start querying from this timestamp.
YYYY-MM-DDTHH:MM:SS Query to this timestamp. (Default: present) Use "NOW" to start from current time. (Default: present)
Stop the entire test right after the first error
Output results in formatted JSON
A JSON file containing data to run the rule against
Use actual alerts instead of debug output
A file to which documents from the last day or --days will be saved
Use the downloaded
Maximum size of any query
Only display the number of documents matching the filter
Global config file.
December 2022 elastalert-test-rule 0.2.4-3