Push ElastAlert2 alerts to Flashduty via webhook, to achieve automatic alert noise reduction.

In Flashduty


You can obtain an integration push URL through either of these two methods:

Using Dedicated Integration

Choose this method when you don’t need to route alert events to different channels. It’s simpler and recommended.

Using Shared Integration

Choose this method when you need to route alerts to different channels based on the alert event’s payload information.

In ElastAlert 2


Configure ElastAlert 2 Alerts

Follow the ElastAlert Flashduty push configuration document:
  1. Create or edit the alert rule file, for example rules/elastalert2_alert.yaml.
  2. Set the alert field to the flashduty alert type.
  3. Fill in the integration key in the flashduty_integration_key field.
  4. The flashduty_title and flashduty_event_status fields are required; the other fields can be filled in as needed. The field definitions are listed in the following table.

| Field | Required | Type | Definition |
| --- | --- | --- | --- |
| title | Yes | string | The alert title. It cannot exceed 512 characters. |
| event_status | Yes | string | The alert status. Enum values (capitalized): Critical: severe, Warning: warning, Info: reminder, Ok: recovery. When specified as Ok, it means automatic recovery of the alert. |
| alert_key | No | string | The alert identifier, used to update or automatically recover existing alerts. You can customize this value, but it cannot exceed 255 characters. You can also rely on the system to automatically generate this value, which will be returned in the response. If you report a recovery event, this value must exist. |
| description | No | string | The alert description |
| check | No | string | The alert check item |
| resource | No | string | The alert resource |
| service | No | string | The alert service name |
| metric | No | string | The alert metric name |
| group | No | string | The alert group |
| cluster | No | string | The alert cluster |
| app | No | string | The alert application |
| env | No | string | The alert environment |

```yaml
name: "elastalert2 alert"
type: "frequency"
index: "pgy_audit*"
is_enabled: true
num_events: 1
realert:
  minutes: 1
terms_size: 50
scan_entire_timeframe: true
timeframe:
  minutes: 60
timestamp_field: "created_at"
timestamp_type: "unix_ms"
use_strftime_index: false
alert_subject: "Test {0} 123 aa☃ {1}"
alert_subject_args:
  - "account_id"
  - "operation"
alert_text: "Test {0}  123 bb☃ {1}"
alert_text_args:
  - "request_id"
  - "operation_name"
filter:
  - query:
      query_string:
        query: "created_at:*"

# ------- Flashduty ----------------
alert: flashduty
flashduty_integration_key: "xxxx"
flashduty_title: "elastalert2 alert"
flashduty_event_status: "Warning"
flashduty_alert_key: "abc"
flashduty_description: "log error"
flashduty_check: "log error"
flashduty_resource: "10.1.1.1"
flashduty_service: "service1"
flashduty_metric: "error"
flashduty_group: "group1"
flashduty_cluster: "bj"
flashduty_app: "app1"
flashduty_env: "dev"
# ------- Flashduty ----------------
```
  5. Restart ElastAlert and wait for the alert to trigger.
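
A check for the field constraints in the table above that can be run before restarting ElastAlert, as an added example (not Flashduty's or ElastAlert 2's own code). It assumes the rule file has already been loaded into a dict, for example with `yaml.safe_load`; the function name `lint_flashduty_rule` and the sample rules are constructed for illustration.

```python
# Added example: lint the flashduty_* options of an ElastAlert 2 rule against
# the field table above. The rule is a dict, as yaml.safe_load() would return.
ALLOWED_STATUS = {"Critical", "Warning", "Info", "Ok"}   # capitalized enum values
MAX_LEN = {"flashduty_title": 512, "flashduty_alert_key": 255}
REQUIRED = ("flashduty_integration_key", "flashduty_title", "flashduty_event_status")
KNOWN = set(REQUIRED) | {"flashduty_" + f for f in (
    "alert_key", "description", "check", "resource", "service",
    "metric", "group", "cluster", "app", "env")}


def lint_flashduty_rule(rule):
    """Return a list of problems; an empty list means the rule passes."""
    problems = []
    alerts = rule.get("alert")
    alerts = [alerts] if isinstance(alerts, str) else (alerts or [])
    if "flashduty" not in alerts:
        problems.append("alert does not include 'flashduty'")
    for key in REQUIRED:
        if not str(rule.get(key) or "").strip():
            problems.append(f"{key} is missing or empty")
    for key, value in rule.items():
        if not key.startswith("flashduty_"):
            continue
        if key not in KNOWN:
            problems.append(f"{key} is not a field listed on this page (typo?)")
        elif not isinstance(value, str):
            problems.append(f"{key} must be a string, got {type(value).__name__}")
        elif len(value) > MAX_LEN.get(key, len(value)):
            problems.append(f"{key} exceeds {MAX_LEN[key]} characters")
    status = rule.get("flashduty_event_status")
    if isinstance(status, str) and status not in ALLOWED_STATUS:
        problems.append(f"flashduty_event_status {status!r} is not one of {sorted(ALLOWED_STATUS)}")
    if status == "Ok" and not rule.get("flashduty_alert_key"):
        problems.append("recovery event (Ok) needs flashduty_alert_key")
    return problems


# Constructed sample rules (values are illustrative, not real keys).
good = {"alert": "flashduty", "flashduty_integration_key": "xxxx",
        "flashduty_title": "elastalert2 alert", "flashduty_event_status": "Warning"}
bad = {"alert": ["flashduty"], "flashduty_integration_key": "xxxx",
       "flashduty_title": "t" * 513, "flashduty_event_status": "ok",
       "flashduty_resouce": "10.1.1.1"}

if __name__ == "__main__":
    for name, rule in (("good", good), ("bad", bad)):
        print(name, lint_flashduty_rule(rule) or "OK")
```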