2.4.0

Breaking changes

• Add support for Elasticsearch 8, remove support for Elasticsearch 6 and below - #744 - @ferozsalam, @jertel, and @nsano-rururu
  WARNING! Read the ES 8 upgrade notes BEFORE upgrading your cluster to Elasticsearch 8. Failure to do so can result in your cluster no longer starting and unable to rollback to 7.x.
• Kibana dashboard integration has been removed, as it only was supported with older versions of Elasticsearch and Kibana. Per the above breaking change those older versions are no longer supported by ElastAlert 2.
• Dockerfile refactor for app home and user home to be the same directory (/opt/elastalert/). Before app home is /opt/elastalert/ and user home is /opt/elastalert/elastalert. After app home and user home are the same /opt/elastalert/ - #656

New features

• [MS Teams] Kibana Discover URL and Facts - #660 - @thib12
• Add support for Kibana 7.17 for Kibana Discover - #695 - @nsano-rururu
• Added a fixed name metric_agg_value to MetricAggregationRule match_body - #697 - @iamxeph

Other changes

• Load Jinja template when loading an alert - #654 - @thib12
• Upgrade tox 3.24.4 to 3.24.5 - #655 - @nsano-rururu
• Upgrade sphinx 4.3.2 to 4.4.0 - #661 - @nsano-rururu
• [Docs] Fix Running Docker container - #674 - @nsano-rururu
• [Exotel] Added exotel_message_body to schema.yaml - #685 - @nsano-rururu
• Upgrade Pytest 6.2.5 to 7.0.0 - #696 - @nsano-rururu
• python-dateutil version specification change - #704 - @nsano-rururu
• Update minimum versions for third-party dependencies in requirements.txt and setup.py - #705 - @nsano-rururu
• [Docs] Document updates for Alerts and email addresses etc - #706 - @nsano-rururu
• [Docs] Update of RuleType Configuration Cheat Sheet - #707 - @nsano-rururu
• Upgrade Pytest 7.0.0 to 7.0.1 - #710 - @nsano-rururu
• Fixing jira_transition_to schema bug. Change property type from boolean to string - #721 - @toxisch
• Begin Elasticsearch 8 support - ElastAlert 2 now supports setup with fresh ES 8 instances, and works with some alert types - #731 - @ferozsalam
• Enable dynamic setting of rules volume in helm chart - #732 - @ChrisFraun
• Do not install tests via pip install - #733 - @buzzdeee
• [Docs] Add Elasticsearch 8 support documentation - #735 - @ferozsalam
• Remove download_dashboard - #740 - @nsano-rururu
• [Docs] Added documentation for metric|spike aggregation rule types for percentiles - e682ea8- @jertel
• [Jira] Add support for Jira authentication via Personal Access Token - #750 - @buzzdeee
• [Docs] Update docs Negation, and, or - #754 - @nsano-rururu
• Remove call to print from elastalert.py - #755 - @ferozsalam
• [Docs] Added dingtalk_proxy, dingtalk_proxy_login, dingtalk_proxy_pass to docs - #756 - @nsano-rururu

2.3.0

Breaking changes

• [Kubernetes] The helm chart repository has changed. The new repository is located at https://jertel.github.io/elastalert2/. This was necessary due to the previous chart museum hosting service, Bonzai Cloud, terminating it's chart hosting service on January 21, 2022. - @jertel

New features

• Add metric_agg_script to MetricAggregationRule #558 - @dequis
• [Alertmanager] Add support for basic authentication - #575 - @nsano-rururu
• Add support for Kibana 7.16 for Kibana Discover - #612 - @nsano-rururu
• [MS Teams] Add support for disabling verification of SSL certificate - #628 - @nsano-rururu

Other changes

• sphinx 4.2.0 to 4.3.0 and tzlocal==2.1 - #561 - @nsano-rururu
• jinja2 3.0.1 to 3.0.3 - #562 - @nsano-rururu
• Fix get_rule_file_hash TypeError - #566 - @JeffAshton
• Ensure schema.yaml stream closed - #567 - @JeffAshton
• Fixing import bugs & memory leak in RulesLoader/FileRulesLoader - #580 - @JeffAshton
• sphinx 4.3.0 to 4.3.1 - #588 - @nsano-rururu
• pytest-xdist 2.4.0 to 2.5.0 - #615 - @nsano-rururu
• sphinx 4.3.1 to 4.3.2 - #618 - @nsano-rururu
• Remove unused parameter boto-profile - #622 - @nsano-rururu
• [Docs] Include Docker example; add additional FAQs - #623 - @nsano-rururu
• Add support for URL shortening with Kibana 7.16+ - #633 - @jertel
• [example] URL correction of information about Elasticsearch - #642 - @nsano-rururu
• pylint 2.11.1 to 2.12.2 - #651 - @nsano-rururu

2.2.3

Breaking changes

• None

New features

• [Alertmanager] Added support for Alertmanager - #503 - @nsano-rururu
• Add summary_table_max_rows optional configuration to limit rows in summary tables - #508 - @mdavyt92
• Added support for shortening Kibana Discover URLs using Kibana Shorten URL API - #512 - @JeffAshton
• Added new alerter HTTP Post 2 which allow more flexibility to build the body/headers of the request. - #530 - @lepouletsuisse
• [Slack] Added new option to include url to jira ticket if it is created in the same pipeline. - #547 - @Hugefarsen
• Added support for multi ElasticSearch instances. - #548 - @buratinopy

Other changes

• [Docs] Add exposed metrics documentation - #498 - @thisisxgp
• [Tests] Fix rules_test.py - #499 - @nsano-rururu
• Upgrade to Python 3.10 and Sphinx 4.2.0 - #501 - @jertel
• max_scrolling_count now has a default value of 990 to avoid stack overflow crashes - #509 - @jertel
• Update pytest 6.2.5, pytest-cov 3.0.0, pytest-xdist 2.4.0, pylint<2.12, tox 3.24.4 - #511 - @nsano-rururu
• Added a check on the value of the path "rules_folder" to make sure it exists - #519 - @AntoineBlaud
• [OpsGenie] Fix tags on subsequent alerts - #537 - @jertel

2.2.2

Breaking changes

• None

New features

• Added support for markdown style formatting of aggregation tables - #415 - @Neuro-HSOC
• [OpsGenie] Add support for custom description - #457, #460 - @nickbabkin
• [Tencent SMS] Added support for Tencent SMS - #470 - @liuxingjun
• Add support for Kibana 7.15 for Kibana Discover - #481 - @nsano-rururu
• Begin working toward support of OpenSearch (beta) #483 @nbrownus

Other changes

• [Rule Test] Fix issue related to --start/--end/--days params - #424, #433 - @thican
• Changed the wording of ElastAlert to ElastAlert 2 and Update FAQ -#446 - @nsano-rururu
• Add missing show_ssl_warn and silence_qk_value params to docs - #469 - @jertel
• [OpsGenie] Clarify documentation for URL endpoint to use in European region - #475 - @nsano-rururu
• [Docs] The documentation has been updated as the name of Amazon Elasticsearch Service has changed to Amazon OpenSearch Service. - #478 - @nsano-rururu
• [Tests] Improve test coverage of tencentsms.py - #479 - @liuxingjun
• [Docs] Tidy Exotel documentation - #488 - @ferozsalam

2.2.1

Breaking changes

• None in this release, but as this is a quick patch for 2.2.0 which does have breaking changes, please review that release's changes.

New features

• None in this release, but as this is a quick patch for 2.2.0, please review that release's new features.

Other changes

• Fixed config lookup bug accidentally introduced in #407

2.2.0

Breaking changes

• [VictorOps] Changed state_message and entity_display_name values to be taken from an alert rule. - #329 - @ChristophShyper
  • Potentially a breaking change if the alert subject changes due to the new default behavior.
• Change metric/percentage rule types to store query_key as dict, instead of string, for consistency with other rule types. #340 - @AntoineBlaud

New features

• [Kubernetes] Adding Image Pull Secret to Helm Chart - #370 - @robrankin
• Apply percentage_format_string to match_body percentage value; will appear in new percentage_formatted key - #387 - @iamxeph
• Add support for Kibana 7.14 for Kibana Discover - #392 - @nsano-rururu
• Add metric_format_string optional configuration for Metric Aggregation to format aggregated value - #399 - @iamxeph
• Make percentage_format_string support format() syntax in addition to old %-formatted syntax - #403 - @iamxeph
• Add custom_pretty_ts_format option to provides a way to define custom format of timestamps printed by pretty_ts() function - #407 - @perceptron01

Other changes

• [Tests] Improve test code coverage - #331 - @nsano-rururu
• [Docs] Upgrade Sphinx from 4.0.2 to 4.1.2- #332 #343 #344 #369 - @nsano-rururu
• Ensure hit count returns correct value for newer ES clusters - #333 - @JeffAshton
• [Tests] Upgrade Tox from 3.23.1 to 3.24.1 - #345 #388 - @nsano-rururu
• Upgrade Jinja from 2.11.3 to 3.0.1 - #350 - @mrfroggg
• [Tests] Add test code. Changed ubuntu version of Dockerfile-test from latest to 21.10. - #354 - @nsano-rururu
• Remove Python 2.x compatibility code - #354 - @nsano-rururu
• [Docs] Added Chatwork proxy settings to documentation - #360 - @nsano-rururu
• Add settings to schema.yaml(Chatwork proxy, Dingtalk proxy) - #361 - @nsano-rururu
• [Docs] Tidy Twilio alerter documentation - #363 - @ferozsalam
• [Tests] Improved test coverage for opsgenie.py 96% to 100% - #364 - @nsano-rururu
• [Docs] Update mentions of JIRA to Jira - #365 - @ferozsalam
• [Docs] Tidy Datadog alerter documentation - #380 - @ferozsalam

2.1.2

Breaking changes

• None

New features

• [Rocket.Chat] Add support for generating Kibana Discover URLs to Rocket.Chat alerter - #260 - @nsano-rururu
• [Jinja] Provide rule key/values as possible Jinja data inputs - #281 - @mrfroggg
• [Kubernetes] Add securityContext and podSecurityContext to Helm chart - #289 - @lepouletsuisse
• [Rocket.Chat] Add options: rocket_chat_ca_certs, rocket_chat_ignore_ssl_errors, rocket_chat_timeout - #302 - @nsano-rururu
• [Jinja] Favor match keys over colliding rule keys when resolving Jinja vars; also add alert_text_jinja unit test - #311 - @mrfroggg
• [Opsgenie] Added possibility to specify source and entity attrs - #315 - @konstantin-kornienko
• [ServiceNow] Add support for servicenow_impact and servicenow_urgency parameters for ServiceNow alerter - #316 - @randolph-esnet
• [Jinja] Add Jinja support to alert_subject - #318 - @mrfroggg
  @lepouletsuisse
• Metrics will now include time_taken, representing the execution duration of the rule - #324 - @JeffAshton

Other changes

• [Prometheus] Continue fix for prometheus wrapper writeback function signature - #256 - @greut
• [Stomp] Improve exception handling in alerter - #261 - @nsano-rururu
• [AWS] Improve exception handling in Amazon SES and SNS alerters - #264 - @nsano-rururu
• [Docs] Clarify documentation for starting ElastAlert 2 - #265 - @ferozsalam
• Add exception handling for unsupported operand type - #266 - @nsano-rururu
• [Docs] Improve documentation for Python build requirements - #267 - @nsano-rururu
• [DataDog] Correct alerter logging - #268 - @nsano-rururu
• [Docs] Correct parameter code documentation for main ElastAlert runner - #269 - @ferozsalam
• [Command] alerter will now fail during init instead of during alert if given invalid command setting - #270 - @nsano-rururu
• [Docs] Consolidate all examples into a new examples/ sub folder - #271 - @ferozsalam
• [TheHive] Add example rule with Kibana Discover URL and query values in alert text - #276 - @markus-nclose
• Upgrade pytest-xdist from 2.2.1 to 2.3.0; clarify HTTPS support in docs; Add additional logging - #283 - @nsano-rururu
• [Tests] Add more alerter test coverage - #284 - @nsano-rururu
• [Tests] Improve structure and placement of test-related files in project tree - #287 - @ferozsalam
• Only attempt to adjust timezone if timezone is set to a non-empty string - #288 - @ferozsalam
• [Kubernetes] Deprecated podSecurityPolicy feature in Helm Chart as it's deprecated in Kubernetes 1.21 - #289 - @lepouletsuisse
• [Slack] Fix slack_channel_override schema - #291 - @JeffAshton
• [Rocket.Chat] Fix rocket_chat_channel_override schema - #293 - @nsano-rururu
• [Tests] Increase code coverage - #294 - @nsano-rururu
• [Docs] Added Kibana Discover sample - #295 - @nsano-rururu
• [AWS] Remove deprecated boto_profile setting - #299 - @nsano-rururu
• [Slack] Correct slack_alert_fields schema definition - #300 - @nsano-rururu
• [Tests] Correct code coverage to eliminate warnings - #301 - @nsano-rururu
• Eliminate unnecessary calls to Elasticsearch - #303 - @JeffAshton
• [Zabbix] Fix timezone parsing - #304 - @JeffAshton
• Improve logging of scheduler - #305 - @JeffAshton
• [Jinja] Update Jinja from 2.11.3 to 3.0.1; Improve handling of colliding variables - #311 - @mrfroggg
• [TheHive] Force observable artifacts to be strings - #313 - @pandvan
• Upgrade pylint from <2.9 to <2.10 - #314 - @nsano-rururu
• [ChatWork] Enforce character limit - #319 - @nsano-rururu
• [LineNotify] Enforce character limit - #320 - @nsano-rururu
• [Discord] Remove trailing backticks from alert body - #321 - @nsano-rururu
• Redirecting warnings to logging module - #325 - @JeffAshton

2.1.1

Breaking changes

• None

New features

• Add support for RocketChat - #182 - @nsano-rururu
• Expose rule scheduler properties as configurable settings - #192 - @jertel
• Exclude empty observables from TheHive requests - #193 - @LaZyDK
• Ensure TheHive tags are converted to strings before submitting TheHive request - #206 - @LaZyDK
• Add support for Elasticsearch API key authentication - #208 - @vbisserie
• Add support for Elasticsearch 7.13 for building Kibana Discover URLs - #212 - @nsano-rururu
• Follow symbolic links when traversing rules folder for rule files - #214 - @vbisserie
• Support optional suppression of SSL log warnings when http-posting alerts - #222 - @nsano-rururu
• Add support for inclusion of Kibana Discover URLs in MatterMost messages - #239 - @nsano-rururu
• Add support for inclusion of alert Title in MatterMost messages - #246 - @nsano-rururu

Other changes

• Speed up unit tests by adding default parallelism - #164 - @ferozsalam
• Remove unused writeback_alias and fix --patience argument - #167 - @mrfroggg
• Fix Bearer token auth in initialisation script - #169 - @ferozsalam
• Finish refactoring alerters and tests into individual files - #175, et al - @ferozsalam
• Improve HTTP POST alert documentation - #178 - @nsano-rururu
• Upgrade Sphinx from 3.5.4 to 4.0.2 - #179 - @nsano-rururu
• Fix Sphinx dependency version - #181 - @ferozsalam
• Switch to absolute imports - #198 - @ferozsalam
• Encode JSON output before writing test data - #215 - @vbisserie
• Update pytest from 6.0.0 to 6.2.4 - #223 - @nsano-rururu
• Ensure ChatWork alerter fails to initialize if missing required args - #224 - @nsano-rururu
• Ensure DataDog alerter fails to initialize if missing required args - #225 - @nsano-rururu
• Ensure DingTalk alerter fails to initialize if missing required args - #226 - @nsano-rururu
• Ensure Zabbix alerter fails to initialize if missing required args - #227 - @nsano-rururu
• MS Teams alerter no longer requires ms_teams_alert_summary arg - #228 - @nsano-rururu
• Improve Gitter alerter by explicitly specifying arg names - #230 - @nsano-rururu
• Add more alerter test code coverage - #231 - @nsano-rururu
• Upgrade pytest-cov from 2.12.0 to 2.12.1 - #232 - @nsano-rururu
• Migrate away from external test mock dependency - #233 - @nsano-rururu
• Improve ElastAlert 2 documentation relating to running scenarios - #234 - @ferozsalam
• Improve test coverage and correct dict lookup syntax for alerter init functions - #235 - @nsano-rururu
• Fix schema bug with MatterMost alerts - #239 - @nsano-rururu
• Fix prometheus wrapper writeback function signature - #253 - @greut

2.1.0

Breaking changes

• TheHive alerter refactoring - #142 - @ferozsalam
  • See the updated documentation for changes required to alert formatting
• Dockerfile refactor for performance and size improvements - #102 - @jgregmac
  • Dockerfile base image changed from python/alpine to python/slim-buster to take advantage of pre-build python wheels, accelerate build times, and reduce image size. If you have customized an image, based on jertel/elastalert2, you may need to make adjustments.
  • Default base path changed to /opt/elastalert in the Dockerfile and in Helm charts. Update your volume binds accordingly.
  • Dockerfile now runs as a non-root user "elastalert". Ensure your volumes are accessible by this non-root user.
  • System packages removed from the Dockerfile: All dev packages, cargo, libmagic. Image size reduced to 250Mb.
  • tmp files and dev packages removed from the final container image.

New features

• Support for multiple rules directories and fix ..data Kubernetes/Openshift recursive directories in FileRulesLoader #157 - @mrfroggg
• Support environment variable substition in yaml files - #149 - @archfz
• Update schema.yaml and enhance documentation for Email alerter - #144 - @nsano-rururu
• Default Email alerter to use port 25, and require http_post_url for HTTP Post alerter - #143 - @nsano-rururu
• Support extra message features for Slack and Mattermost - #140 - @nsano-rururu
• Support a footer in alert text - #133 - @nsano-rururu
• Added support for alerting via Amazon Simple Email System (SES) - #105 - @nsano-rururu

Other changes

• Begin alerter refactoring to split large source code files into smaller files - #161 - @ferozsalam
• Update contribution guidelines with additional instructions for local testing - #147, #148 - @ferozsalam
• Add more unit test coverage - #108 - @nsano-rururu
• Update documentation: describe limit_execution, correct alerters list - #107 - @fberrez
• Fix issue with testing alerts that contain Jinja templates - #101 - @jertel
• Updated all references of Elastalert to use the mixed case ElastAlert, as that is the most prevalent formatting found in the documentation.

2.0.4

Breaking changes

• None

New features

• Update python-dateutil requirement from <2.7.0,>=2.6.0 to >=2.6.0,<2.9.0 - #96 - @nsano-rururu
• Update pylint requirement from <2.8 to <2.9 - #95 - @nsano-rururu
• Pin ES library to 7.0.0 due to upcoming newer library conflicts - #90 - @robrankin
• Re-introduce CHANGELOG.md to project - #88 - @ferozsalam
• Add option for suppressing TLS warnings - #87 - @alvarolmedo
• Add support for Twilio Copilot - #86 - @cdmastercom
• Support bearer token authentication with ES - #85 - @StribPav
• Add support for statsd metrics - #83 - @eladamitpxi
• Add support for multiple imports of rules via recursive import - #83 - @eladamitpxi
• Specify search size of 0 to improve efficiency of searches - #82 - @clyfish
• Add alert handler to create Datadog events - #81 - @3vanlock

Other changes

• Added missing Helm chart config.yaml template file.
• Update .gitignore with more precise rule for /config.yaml file.
• Now publishing container images to both DockerHub and to GitHub Packages for redundancy.
• Container images are now built and published via GitHub actions instead of relying on DockerHub's automated builds.
• Update PIP library description and Helm chart description to be consistent.
• Continue updates to change references from Elastalert to Elastalert 2