A flexible framework for alerting on anomalies, spikes, or patterns in Elasticsearch data.
ElastAlert is an open-source alerting framework that queries Elasticsearch data to detect anomalies, spikes, or specific patterns and triggers notifications. It fills a gap that Kibana alone does not cover: proactive monitoring and alerting on log or time-series data. Users define rules that match events, and ElastAlert delivers alerts through various channels such as email, Slack, or PagerDuty.
DevOps engineers, SREs, and developers who use Elasticsearch and Kibana for log management and need automated alerting on data patterns or inconsistencies.
It offers a flexible, modular framework with multiple built-in rule types and alert integrations, making it easy to set up custom monitoring without building alerting infrastructure from scratch.
Easy & Flexible Alerting With ElasticSearch
Supports multiple rule types like frequency, spike, and flatline, enabling detection of diverse patterns such as rate changes or event absences without custom coding.
Built-in alerts for over a dozen services including Slack, PagerDuty, and AWS SNS, with modular design allowing custom alerts for flexible notification workflows.
Alerts can include direct links to Kibana dashboards, providing immediate context for investigation and reducing mean time to resolution.
Features like top_count_keys and periodic aggregation schedules allow combining alerts into summaries, reducing noise for operational teams.
Officially no longer maintained by Yelp, with critical bugs and compatibility issues unresolved; users are directed to ElastAlert2 for updates.
Lacks native support for resolve events or warning thresholds, requiring duplicate rules for different severity levels, increasing configuration complexity.
Can be slow with large datasets, necessitating manual optimizations like use_strftime_index or adjusted buffer_time, which add tuning burden.
Setting up rules requires deep understanding of Elasticsearch queries and YAML formatting, with pitfalls like unanalyzed fields causing missed matches.