Praeco provides a user-friendly GUI for creating and managing Elasticsearch alerts, acting as a frontend for ElastAlert 2. It targets users who need to define complex alerting rules without direct YAML configuration, offering a visual query builder, result preview, and extensive notification integrations.

How It Works

Praeco leverages a fork of the ElastAlert API server, which interacts with the ElastAlert 2 Python daemon. This architecture allows Praeco to translate user-defined rules from its Vue.js interface into ElastAlert 2 configuration files. The API server handles rule testing, silencing, and modification, while the ElastAlert daemon executes the actual alerting logic against Elasticsearch.

Quick Start & Requirements

• Install and run using docker-compose up.
• Requires Elasticsearch instance IP address (not 127.0.0.1).
• Configuration for notifications is in rules/BaseRule.config.
• Official walkthrough article available.

Highlighted Details

• Supports 20+ notification channels including Slack, MS Teams, Email, PagerDuty, and Discord.
• Offers 10 rule types: Any, Blacklist, Whitelist, Change, Frequency, Flatline, Spike, Cardinality, New Term, and Metric Aggregation.
• Compatible with Elasticsearch 7.x and 8.x.
• Rules created in Praeco are 100% compatible with other ElastAlert 2 servers.

Maintenance & Community

• Maintainers: John Susek, Naoyuki Sano.
• Project is open source under GPLv3.

Licensing & Compatibility

• License: GPLv3.
• Compatible with commercial use, but the GPLv3 license requires any modifications or derivative works to also be open-sourced under the same license.

Limitations & Caveats

• Does not support importing existing ElastAlert 2 rules due to feature subset limitations and complexity.
• Explicitly states no obligation to fix bugs or add features, and limited obligation to respond to issues.
• Does not support Elasticsearch 5.x or 6.x (with specific version caveats for 6.x).
• Does not support OpenSearch or Amazon OpenSearch Service.