usage: elastalert [-h] [--config CONFIG] [--debug] [--rule RULE]
[--silence SILENCE] [--start START] [--end END] [--verbose] [--patience TIMEOUT]
[--pin_rules] [--es_debug] [--es_debug_trace ES_DEBUG_TRACE]
- -h, --help
- show this help message and exit
- --config CONFIG
- Global config file (default: config.yaml)
- --debug
- Suppresses alerts and prints information instead. Not compatible with `--verbose`
- --rule RULE
- Run only a specific rule (by filename, must still be in rules folder)
- --silence SILENCE
- Silence rule for a time period. Must be used with --rule. Usage: --silence <units>=<number>, eg. --silence hours=2
- --start START
- YYYY-MM-DDTHH:MM:SS Start querying from this timestamp. Use "NOW" to start from current time. (Default: present)
- --end END
- YYYY-MM-DDTHH:MM:SS Query to this timestamp. (Default: present)
- --verbose
- Increase verbosity without suppressing alerts. Not compatible with `--debug`
- --patience TIMEOUT
- Maximum time to wait for ElasticSearch to become responsive. Usage: --patience <units>=<number>. e.g. --patience minutes=5
- --pin_rules
- Stop ElastAlert from monitoring config file changes
- --es_debug
- Enable verbose logging from Elasticsearch queries
- --es_debug_trace ES_DEBUG_TRACE
- Enable logging from Elasticsearch queries as curl command. Queries will be logged to file. Note that this will incorrectly display localhost:9200 as the host/port