Exposing Rule Metrics

Configuration

Running ElastAlert with --prometheus_port configuration flag will expose ElastAlert 2 Prometheus metrics on the specified port. Prometheus metrics are disabled by default.

To expose ElastAlert rule metrics on port 9979 run the following command:

$ elastalert --config config.yaml --prometheus_port 9979

The --prometheus_addr configuration flag can also be used to bind the Prometheus metrics server to a different host address.

$ elastalert --config config.yaml --prometheus_port 9979 --prometheus_addr "::"

Rule Metrics

The metrics being exposed are related to the ElastAlert 2 metadata indices. The exposed metrics are in the Prometheus text-based format. Metrics are of the metric type counter or gauge and follow the Prometheus metric naming.

In the standard metric definition, the metric names are structured as follows:

elastalert_{metric}_{unit}

Where:

• {metric} is a unique name of the metric. For example, hits.

• {unit} is the unit of measurement of the metric value. For example, total is a counter type metric and created is a gauge type metric.

All metrics except elastalert_errors_{unit} have values that apply to a particular rule name. In the exported metrics, these can be identified using the rule_name Prometheus label.

Find below all available metrics:

METRIC	Type	Description	Label
elastalert_scrapes_{unit}	Counter, Gauge	Number of scrapes	rule_name
elastalert_hits_{unit}	Counter, Gauge	Number of hits	rule_name
elastalert_matches_{unit}	Counter, Gauge	Number of matches	rule_name
elastalert_time_taken_{unit}	Counter, Gauge	Time taken in seconds	rule_name
elastalert_alerts_sent_{unir}	Counter, Gauge	Number of alerts sent	rule_name
elastalert_alerts_not_sent_{unit}	Counter, Gauge	Number of alerts not sent	rule_name
elastalert_alerts_silenced_{unit}	Counter, Gauge	Number of silenced alerts	rule_name
elastalert_errors_{unit}	Counter, Gauge	Number of errors