Merge branch 'master' into jertel/not

CHANGELOG.md

@@ -11,6 +11,8 @@
 - [Docs] Mention the two available Spike-rule metrics that are add into the match record - [#1542](https://github.com/jertel/elastalert2/pull/1542) - @ulmako
 - [OpsGenie] Corrected spelling of the `opsgenie_default_receipients` configuration option to `opsgenie_default_recipients`. Both variations will continue to work and a warning message will notify affected users. [#1539](https://github.com/jertel/elastalert2/pull/1539) - @lstyles
 - [OpsGenie] Prevent templated `opsgenie_teams` and `opsgenie_recipients` from being overwritten with evaluated values first time an alert is sent. [#1540](https://github.com/jertel/elastalert2/issues/1540) [#1539](https://github.com/jertel/elastalert2/pull/1539) - @lstyles
+- [OpsGenie] Updated configuration schema with missing OpsGenie alerter properties. [#1543](https://github.com/jertel/elastalert2/pull/1543) - @lstyles
+- [Docs] Add missing documentation of the timestamp_field option - [#1544](https://github.com/jertel/elastalert2/pull/1544) - @apollolv
 
 # 2.20.0
 

docs/source/ruletypes.rst

@@ -142,6 +142,8 @@ Rule Configuration Cheat Sheet
 +--------------------------------------------------------------+           +
 | ``buffer_time`` (time, default from config.yaml)             |           |
 +--------------------------------------------------------------+           |
+| ``timestamp_field`` (string, default "@timestamp")           |           |
++--------------------------------------------------------------+           |
 | ``timestamp_type`` (string, default iso)                     |           |
 +--------------------------------------------------------------+           |
 | ``timestamp_format`` (string, default "%Y-%m-%dT%H:%M:%SZ")  |           |
@@ -971,6 +973,14 @@ summary_suffix
 
 ``summary_suffix``: Specify a suffix string, which will be added after the aggregation summary table. This string is currently not subject to any formatting.
 
+timestamp_field
+^^^^^^^^^^^^^^^
+
+``timestamp_field``: Specify the name of the document field containing the timestamp. 
+By default, the field ``@timestamp`` is used to query Elasticsearch. 
+If ``timestamp_field`` is set, this date field will be considered whenever querying, filtering and aggregating based on timestamps.
+(Optional, string, default @timestamp).
+
 timestamp_type
 ^^^^^^^^^^^^^^
 

elastalert/schema.yaml

@@ -101,6 +101,14 @@ definitions:
   arrayOfIrisIocFields: &arrayOfIrisIocFields
     type: array
     items: *irisIocField
+
+  opsGenieArgs: &opsGenieArgs
+    type: object
+    additionalProperties: false
+    minProperties: 0
+    patternProperties:
+      "^.+$":
+        type: string
 
 required: [type, index, alert]
 type: object
@@ -723,17 +731,12 @@ properties:
   ms_power_automate_teams_card_width_full: {type: boolean}
 
   ### Opsgenie
-  opsgenie_key: {type: string}
   opsgenie_account: {type: string}
   opsgenie_addr: {type: string}
-  opsgenie_description: {type:string}
-  opsgenie_message: {type: string}
   opsgenie_alias: {type: string}
-  opsgenie_subject: {type: string}
-  opsgenie_priority: {type: string}
-  opsgenie_proxy: {type: string}
-  opsgenie_source: {type: string}
-  opsgenie_entity: {type: string}
+  opsgenie_default_recipients: *arrayOfString
+  opsgenie_default_teams: *arrayOfString
+  opsgenie_description: {type:string}
   opsgenie_details:
     type: object
     minProperties: 1
@@ -746,6 +749,20 @@ properties:
             required: [field]
             properties:
               field: {type: string, minLength: 1}
+  opsgenie_entity: {type: string}
+  opsgenie_key: {type: string}
+  opsgenie_message: {type: string}
+  opsgenie_priority: {type: string}
+  opsgenie_proxy: {type: string}
+  opsgenie_recipients_args: *opsGenieArgs
+  opsgenie_recipients: *arrayOfString
+  opsgenie_source: {type: string}
+  opsgenie_subject: {type: string}
+  opsgenie_subject_args: *arrayOfString
+  opsgenie_tags: *arrayOfString
+  opsgenie_teams_args: *opsGenieArgs
+  opsgenie_teams: *arrayOfString
+
 
   ### PagerDuty
   pagerduty_service_key: {type: string}