allow elastalert to query across clusters

dougburks · Jan 4, 2018 · 0d9ff75 · 0d9ff75
1 parent a5675a3
commit 0d9ff75
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/etc/elastalert/rules/bro_conn.yaml b/etc/elastalert/rules/bro_conn.yaml
@@ -15,7 +15,7 @@ type: frequency
 
 # (Required)
 # Index to search, wildcard supported
-index: logstash-bro*
+index: "*:logstash-bro*"
 
 use_strftime_index: true
 

diff --git a/etc/elastalert/rules/ids.yaml b/etc/elastalert/rules/ids.yaml
@@ -3,7 +3,7 @@ es_host: elasticsearch
 es_port: 9200
 name: Security Onion ElastAlert - New IDS Event!
 type: frequency
-index: logstash-ids*
+index: "*:logstash-ids*"
 num_events: 1
 timeframe:
     minutes: 1