aws-labs.com

Practical DevOps guides

ElastAlert clear all realerts

GET elastalert/_search
{
  "size": 1,
  "_source": ["rule_name"],
  "query": {
    "match_all": {}
  },
  "sort": [
    {
      "alert_time": "desc"
    }
  ]
}

then delete:

POST elastalert/_delete_by_query?scroll_size=1000&scroll=5m&timeout=5m&wait_for_completion=true&conflicts=proceed
{
  "query": {
    "match_all": {}
  }
}


OR

POST elastalert/_delete_by_query
{
  "query": {
    "term": {
      "rule_name.keyword": "Generic Kafka Error"
    }
  }
}



OR

POST elastalert/_delete_by_query
{
  "query": {
    "term": {
      "type.keyword": "silence"
    }
  }
}



DELETE /elastalert
DELETE /elastalert_status
DELETE /elastalert_error
DELETE /past_elastalert
DELETE /silence