Breaking changes

• metric_agg_script with metric_agg_type: percentiles now applies the percentile_range to the Elasticsearch query. Previously, this was ignored and ElastAlert2 always evaluated the first percentile (p1). If you relied on that behavior, you may need to update your configuration. - #1738 - @koooommmm

New features

• [LINE Message API] Add LINE Messaging API Alerter - #1724 - @nsano-rururu

Other changes

• [Zabbix] Migrating from py-zabbix to python-zabbix-utils - #1722 - @nsano-rururu
• [Docs] Correct webex webhook alerter example - #1c8f79f - @jertel
• [Docs] Updated elastalert.rst and alerts.rst and fixed broken links - #1741 - @nsano-rururu

Contributors

• @jertel
• @nsano-rururu
• @koooommmm

Breaking changes

• None

New features

• Add support for loading custom Jinja2 filters - #1700 - @anroots-by

Other changes

• Fix percentile metric_aggregation rule error for rules with compound query keys - #1701 - @jhatcher1
• Support Python 3.14 - #1706 - @nsano-rururu
• Update library: boto3 to 1.40.59 - #1706 - @nsano-rururu
• Update library: cffi to 2.0.0 - #1706 - @nsano-rururu
• Update library: jinja2 to 3.1.6 - #1706 - @nsano-rururu
• Update library: jira to 3.10.5 - #1706 - @nsano-rururu
• Update library: jsonschema to 4.25.1 - #1706 - @nsano-rururu
• Update library: prettytable to 3.16.0 - #1706 - @nsano-rururu
• Update library: prometheus-client to 0.23.1 - #1706 - @nsano-rururu
• Update library: pyyaml to 6.0.3 - #1706 - @nsano-rururu
• Update library: requests to 2.32.5 - #1706 - @nsano-rururu
• Update library: tencentcloud-sdk-python to 3.0.1479 - #1706 - @nsano-rururu
• Update library: twilio to 9.8.4 - #1706 - @nsano-rururu
• Update build libraries: pylint, pytest, pytest-cov, pytest-xdist, sphinx, tox - #1706 - @nsano-rururu
• Update docs build to use Ubuntu 24.40 and Python 3.13 - #1708 - @jertel
• Cleanup unused imports - #1708 - @jertel
• [Jira] Updated for Jira Cloud API deprecation - #1709 - @leesmith110
• Reduce unnecessary ES queries when checking for silenced rules - #1715 - @zpcc
• [Chatwork] Fix Chatwork - #1716 - @nsano-rururu

Contributors

• @leesmith110
• @jertel
• @nsano-rururu
• @zpcc
• @jhatcher1
• @anroots-by

Breaking changes

• None

New features

• Now supporting Elasticsearch 9 and OpenSearch 3 - #1682 - @jertel

Other changes

• Removed specific version requirement for Elastic Kibana and OpenSearch Discover - #1682 - @jertel
• If --end argument falls in the past then at least one full run cycle will now complete before exiting - #1694 - @nkormakov
• Add support for a ES_VERSION environment variable to override the Elasticsearch version - #1690 - @fabian-heib

Contributors

• @nkormakov
• @jertel
• @fabian-heib

Breaking changes

• [Helm] An unlikely breaking change could occur if this chart was previously deployed with namespace overrides. Deploy to a pre-prod environment before proceeding with production. - #1662 - @lepouletsuisse

New features

• [ServiceNow] Include arbitrary fields in ServiceNow tickets by including a service_now_additional_fields configuration stanza. - #1670 - @mitchell-es
• [SMSEagle] New SMSEagle alerter - #1671 - @marcin-smseagle

Other changes

• [Helm] Fix --namespace and namespaceOverride value in Helm charts - #1662 - @lepouletsuisse
• [Pager Duty] Expand pagerduty_v2_payload_custom_details to allow defaulting to value of provided key:value pair if the value is not found as a key in an elastalert match. - #1674 - @mark-trellix

Contributors

• @mitchell-es
• @lepouletsuisse
• @mark-trellix
• @marcin-smseagle

Breaking changes

• None

New features

• [MicrosoftPowerAutomate] Add support for 'ms_power_automate_webhook_url_from_field' option to dynamically select the webhook URL from the match. - #1623 - @aizerin
• Add Webex Incoming Webhook alerter - #1635 - @dennis-trapp
• Support jinja2 templates in alertmanager_labels and alertmanager_annotations - #1642 - @tgxworld
• [Helm] Add support of update strategy in the deployment #1646 - @efazenda
• Add Flashduty alerter - #1649 - @pijiang3

Other changes

• Fix schema.yaml to support Kibana 8.17 - #1631 - @vpiserchia
• [Helm] Clarified documentation around rootRulesFolder - @jertel
• [IRIS] Fix iris.py to overcome a description overwriting bug - #1643 - @jmolletAMNH
• Add metric_<metric_key>_formatted and metric_agg_value_formatted to metric aggregation when using compound query keys - #1647 - @dennis-trapp
• Remove lineNotifyAlerter #1638 - @nsano-rururu
• Fixed an issue where the test-docker command would cause an error when running old docker-compose #1638 - @nsano-rururu

Contributors

• @efazenda
• @vpiserchia
• @tgxworld
• @jertel
• @aizerin
• @nsano-rururu
• @pijiang3
• @jmolletAMNH
• @dennis-trapp

Breaking changes

• None

New features

• [Helm] Add optional liveness and readiness probe - #1604 - @aizerin
• Add include_rule_params_in_matches rule parameter to enable copying of specific rule params into match data - #1605 - @jertel
• [Helm] Add --prometheus_addr command line parameter to allow binding the Prometheus metrics server on a different host address - #1608 - @tgxworld

Other changes

• [Docs] Add missing documentation of the aggregation_alert_time_compared_with_timestamp_field option. - #1588 - @nicolasnovelli
• Fix linter error reporting about return type assignation in elastalert/test_rule.py. - #1594 - @thican
• Add support for Kibana 8.17 for Kibana Discover - #1597 - @nsano-rururu
• Resolve runtime deprecation warnings related to Elastic's 8.16 range filter changes - #1599 - @jertel
• Resolve test deprecation warnings related to prettytable enum changes - #1599 - @jertel
• Upgrade dependency pylint to 3.3.3 (build) - #1599 - @jertel
• Upgrade dependency pytest to 8.3.4 (build) - #1599 - @jertel
• Upgrade dependency pytest-cov to 6.0.0 (build) - #1599 - @jertel
• Upgrade dependency sphinx to 8.1.3 (build) - #1599 - @jertel
• Upgrade dependency sphinx_rtd_theme to 3.0.2 (build) - #1599 - @jertel
• Upgrade dependency tox to 4.23.2 (build) - #1599 - @jertel
• Upgrade dependency apscheduler to 3.11.0 - #1599 - @jertel
• Upgrade dependency boto3 to 1.35.92 - #1599 - @jertel
• Upgrade dependency cffi to 1.17.1 - #1599 - @jertel
• Upgrade dependency croniter to 6.0.0 - #1599 - @jertel
• Upgrade dependency jinja2 to 3.1.5 - #1599 - @jertel
• Upgrade dependency jira to 3.8.0 - #1599 - @jertel
• Upgrade dependency jsonpointer to 3.0.0 - #1599 - @jertel
• Upgrade dependency jsonschema to 4.23.0 - #1599 - @jertel
• Upgrade dependency prettytable to 3.12.0 - #1599 - @jertel
• Upgrade dependency prometheus-client to 0.21.1 - #1599 - @jertel
• Upgrade dependency pyyaml to 6.0.2 - #1599 - @jertel
• Upgrade dependency requests to 2.32.3 - #1599 - @jertel
• Upgrade dependency stomp.py to 8.2.0 - #1599 - @jertel
• Upgrade dependency tencentcloud-sdk-python to 3.0.1295 - #1599 - @jertel
• Upgrade dependency twilio to 9.4.1 - #1599 - @jertel
• [Spike] Fixes spike rule error when no data exists in the current time window - #1605 - @jertel
• [Spike] Fixes spike rule error when no data exists in the reference time window - #1610 - @jertel

Contributors

• @tgxworld
• @thican
• @jertel
• @aizerin
• @nsano-rururu
• @nicolasnovelli

Breaking changes

• Note that version 2.21 upgraded Python to 3.13 and unintentionally dropped support for Python 3.12. This release, restores support for Python 3.12, while continuing to use Python 3.13 in the official ElastAlert 2 Docker image. Python 3.12 support will be dropped in a future release. - #1585 - @jertel

New features

• None

Other changes

• None

Contributors

• @jertel

Breaking changes

• Be aware that this version dropped support for Python 3.12. It was re-added in the following release due to some distributions not yet supporting Python 3.13.

New features

• [Notifications] System error notifications can now be delivered via the same set of alerters as rule alerts - #1546 - @jertel
• [Notifications] New config option notify_all_errors supports all system errors, including loss of data connectivity - #1546 - @jertel

Other changes

• [Docs] Mention the two available Spike-rule metrics that are add into the match record - #1542 - @ulmako
• [OpsGenie] Corrected spelling of the opsgenie_default_receipients configuration option to opsgenie_default_recipients. Both variations will continue to work and a warning message will notify affected users. #1539 - @lstyles
• [OpsGenie] Prevent templated opsgenie_teams and opsgenie_recipients from being overwritten with evaluated values first time an alert is sent. #1540 #1539 - @lstyles
• [OpsGenie] Updated configuration schema with missing OpsGenie alerter properties. #1543 - @lstyles
• [Docs] Add missing documentation of the timestamp_field option - #1544 - @ApolloLV
• Add support for Kibana 8.14/8.15/8.16 for Kibana Discover - #1547,#1582 - @nsano-rururu, @jertel
• Upgrade pylint 3.1.0 to 3.3.1, pytest 8.0.2 to 8.3.3, pytest-cov 4.1.0 to 5.0.0, pytest-xdist 3.5.0 to 3.6.1, sphinx 7.2.6 to 8.0.2, sphinx_rtd_theme 2.0.0 to 3.0.1, tox 4.13.0 to 4.21.2 - #1550 - @nsano-rururu
• Upgrade to Python 3.13 - #1551 - @nsano-rururu
• [OpsGenie] Support dynamic opsgenie_addr values - #1563 - @mohamedelema17

Contributors

• @ulmako
• @lstyles
• @ApolloLV
• @jertel
• @nsano-rururu
• @mohamedelema17

Breaking changes

• Drop python3.9, python3.10, python3.11 from python_requires - #1528 - @kmurphy4
• [IRIS] Updated alert_title to leverage ElastAlert built-in create_title function. Updated alert_description to use ElastAlert2 built-in function create_alert_body if alert_description is not set within the rule - #1532 - @bvirgilioamnh

New features

• [MS Power Automate] New Alert Channel with Microsoft Power Automate - #1505 #1513 #1519 - @marssilva, @jertel
• [Matrix Hookshot] New Alerter for sending alerts to Matrix via Hookshot - #1525 - @jertel

Other changes

• [Indexer] Fixed fields types error on instance indexer_alert_config in schema.yml - #1499 - @OlehPalanskyi
• [IRIS] Changed alert_source field from static 'ElastAlert2' value to field iris_alert_source value with default of 'ElastAlert2' - #1531 - @bvirgilioamnh
• [IRIS] Fixed NoneType error raised in issue #1457 - #1533 - @bvirgilioamnh

New Contributors

• @marssilva made their first contribution in #1505
• @kmurphy4 made their first contribution in #1528
• @bvirgilioamnh made their first contribution in #1531

Full Changelog: 2.19.0...2.20.0

Contributors

• @marssilva
• @jertel
• @bvirgilioamnh
• @OlehPalanskyi
• @kmurphy4

Breaking changes

• None

New features

• Add indexer alerter - #1451 - @OlehPalanskyi

Other changes

• [Docs] Fixed typo in Alerta docs with incorrect number of seconds in a day. - @jertel
• Update GitHub actions to avoid running publish workflows on forked branches. - @jertel
• Rewrite _find_es_dict_by_key per discussion #1450 for fieldnames literally ending in .keyword #1459 - @jmacdone @jertel

Contributors

• @jertel
• @OlehPalanskyi
• @jmacdone