Quentin Long

Results 25 comments of Quentin Long

You seem to have removed half of the file as part of the changes.

The mapping occasionally fails to apply cleanly; I'm not entirely sure why. The fix for this is to delete the `elastalert_status` index and try running `elastalert-create-index` again. Also, elastalert only...

From the documentation: "All documents must have a timestamp field. ElastAlert will try to use @timestamp by default, but this can be changed with the `timestamp_field` option"

This makes a lot of sense to add and looks alright to me. Thanks a ton. I think we can also keep the non-aggregated version as well though. It...

Could you make markdown optional or escape the rule_name somehow? Other people might be relying on it.