From 4ce2e441e7358a931dbd6efa8fa8fec6f0e26b27 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Sun, 28 Jul 2019 11:31:53 +0200
Subject: [PATCH] Close elastalert alerts if they contain "new_value=up"

---
 templates/elastalert/plugin.py | 5 +++++
 templates/elastalert/setup.py  | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/templates/elastalert/plugin.py b/templates/elastalert/plugin.py
index 43c3c02..8116bd9 100644
--- a/templates/elastalert/plugin.py
+++ b/templates/elastalert/plugin.py
@@ -1,3 +1,4 @@
+import json
 import logging
 
 from alerta.plugins import PluginBase
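Review bot: The added `import json` is not used by any line visible in this patch; the new check in `pre_receive` inspects `alert.raw_data` with `str.find`, not with a JSON parser. If nothing outside the shown hunks needs it, drop the import. If the payload is in fact JSON, parsing it and comparing the `new_value` field would be sturdier than matching formatted text.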
@@ -14,6 +15,10 @@ class Elastalert(PluginBase):
         super().__init__()
 
     def pre_receive(self, alert, **kwargs):
+        if alert.service.pop() == 'elastalert':
+            if alert.raw_data.find('\nnew_value: [\n    \"up\"\n]') > 0:
+                alert.severity = 'normal'
+                alert.status = 'closed'
         return alert
 
     def post_receive(self, alert, **kwargs):
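Review bot: `alert.service.pop()` on the first added line removes the last entry from the alert's service list as a side effect of the comparison, so (assuming `service` is a list, as in alerta) every alert passing through `pre_receive` is returned with one service fewer, and an empty list raises IndexError; `if 'elastalert' in alert.service:` reads the list without changing it. The `find(...) > 0` test raises AttributeError when `raw_data` is None and ignores a match at offset 0; `if '\nnew_value: [\n    \"up\"\n]' in (alert.raw_data or ''):` covers both. Because the match is an exact-whitespace substring of free text delivered with the alert, any payload carrying that text is closed automatically, so add a comment naming the elastalert rule format this relies on and log each auto-close so suppressed alerts stay auditable. The class body continues outside the hunk.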
diff --git a/templates/elastalert/setup.py b/templates/elastalert/setup.py
index 189306c..b7fd2fa 100644
--- a/templates/elastalert/setup.py
+++ b/templates/elastalert/setup.py
@@ -12,8 +12,10 @@ setup(
     author='Jürgen Haas',
     author_email='juergen.haas@lakedrops.com',
     packages=find_packages(),
-    py_modules=[],
-    install_requires=[],
+    py_modules=['alerta_elastalert'],
+    install_requires=[
+        'requests'
+    ],
     include_package_data=True,
     zip_safe=True,
     entry_points={
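Review bot: `install_requires` now lists `requests` with no version bound, and no line of `plugin.py` shown in this patch imports it. If the plugin does not call it, leave the list empty; otherwise give a lower bound so installs are reproducible, e.g. `'requests>=MIN_VERSION'` (placeholder for the version the plugin was tested against). `py_modules=['alerta_elastalert']` expects a top-level `alerta_elastalert.py` next to `setup.py`, while the template in this patch is named `plugin.py`, so confirm the file is renamed when the template is deployed. The `setup(` call starts and ends outside the hunk.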
-- 
GitLab