Exposing Rule Metrics

Configuration

Running ElastAlert with the --prometheus_port configuration flag exposes ElastAlert 2 Prometheus metrics on the specified port. Prometheus metrics are disabled by default.

To expose ElastAlert rule metrics on port 9979, run the following command:

$ elastalert --config config.yaml --prometheus_port 9979

Rule Metrics

The exposed metrics relate to the ElastAlert metadata indices and are in the Prometheus text-based format. Each metric is of type counter or gauge and follows the Prometheus metric naming conventions.

In the standard metric definition, the metric names are structured as follows:

elastalert_{metric}_{unit}

Where:

  • {metric} is a unique name of the metric. For example, hits.

  • {unit} is the unit of measurement of the metric value. For example, total is a counter type metric and created is a gauge type metric.

All metrics except elastalert_errors_{unit} have values that apply to a particular rule name. In the exported metrics, these can be identified using the rule_name Prometheus label.

Find below all available metrics:

Metric                              Type            Description                Label
----------------------------------  --------------  -------------------------  ---------
elastalert_scrapes_{unit}           Counter, Gauge  Number of scrapes          rule_name
elastalert_hits_{unit}              Counter, Gauge  Number of hits             rule_name
elastalert_matches_{unit}           Counter, Gauge  Number of matches          rule_name
elastalert_time_taken_{unit}        Counter, Gauge  Time taken in seconds      rule_name
elastalert_alerts_sent_{unit}       Counter, Gauge  Number of alerts sent      rule_name
elastalert_alerts_not_sent_{unit}   Counter, Gauge  Number of alerts not sent  rule_name
elastalert_alerts_silenced_{unit}   Counter, Gauge  Number of silenced alerts  rule_name
elastalert_errors_{unit}            Counter, Gauge  Number of errors
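The following is an added example, not part of the ElastAlert 2 project: it parses two scrapes of the metrics endpoint and reports rules whose alerts_not_sent counter, or the unlabeled errors counter, grew between them, which is the signal that a detection fired but nobody was notified. The function names, rule names and sample scrape text are constructed for illustration, and the parser assumes rule_name is the only label, as listed above.

```python
import re

# One sample line: elastalert_{metric}_{unit}, optional rule_name label, value.
# The label is optional because elastalert_errors_{unit} has no rule_name.
SAMPLE_RE = re.compile(
    r'^elastalert_(\w+?)_(total|created)'
    r'(?:\{rule_name="((?:[^"\\]|\\.)*)"\})?\s+(\S+)')

def parse_totals(text):
    """Return {(metric, rule_name or None): value} for the *_total counters."""
    totals = {}
    for line in text.splitlines():
        m = SAMPLE_RE.match(line)
        if m and m.group(2) == "total":
            totals[(m.group(1), m.group(3))] = float(m.group(4))
    return totals

def pipeline_problems(previous, current, watched=("alerts_not_sent", "errors")):
    """Compare two scrapes; report watched counters that grew in between."""
    before, after = parse_totals(previous), parse_totals(current)
    problems = []
    for (metric, rule), value in sorted(
            after.items(), key=lambda kv: (kv[0][0], kv[0][1] or "")):
        if metric not in watched:
            continue
        old = before.get((metric, rule), 0.0)
        # Counters only go up; a lower value means ElastAlert restarted.
        delta = value - old if value >= old else value
        if delta > 0:
            problems.append((metric, rule, delta))
    return problems

# Constructed scrape output (rule names and values are made up).
PREVIOUS = '''\
# TYPE elastalert_alerts_not_sent_total counter
elastalert_alerts_sent_total{rule_name="ssh_bruteforce"} 4.0
elastalert_alerts_not_sent_total{rule_name="new_admin_user"} 1.0
elastalert_errors_total 2.0
'''
CURRENT = '''\
elastalert_alerts_sent_total{rule_name="ssh_bruteforce"} 5.0
elastalert_alerts_not_sent_total{rule_name="new_admin_user"} 3.0
elastalert_alerts_not_sent_created{rule_name="new_admin_user"} 1.7e+09
elastalert_errors_total 2.0
'''

if __name__ == "__main__":
    for metric, rule, delta in pipeline_problems(PREVIOUS, CURRENT):
        print(f"{metric} +{delta:g} rule={rule or '-'}")
```

Because the counters are cumulative since process start, the comparison is on the increase between scrapes rather than on the absolute value.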