diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py
index 81b367a53..b00a11072 100644
--- a/tools/sigma/backends/elasticsearch.py
+++ b/tools/sigma/backends/elasticsearch.py
@@ -300,6 +300,7 @@ class ElasticsearchQuerystringBackend(DeepFieldMappingMixin, ElasticsearchWildca
 return result
 else:
 return super().generateSubexpressionNode(node)
+
 class ElasticsearchQuerystringBackendLogRhythm(DeepFieldMappingMixin, ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend):
 """Converts Sigma rule into Lucene query string for LogRhythm. Only searches, no aggregations."""
 identifier = "es-qs-lr"
@@ -365,8 +366,7 @@ class ElasticsearchQuerystringBackendLogRhythm(DeepFieldMappingMixin, Elasticsea
 return result
 else:
 return super().generateSubexpressionNode(node)
-
-
+
 class ElasticsearchEQLBackend(DeepFieldMappingMixin, ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend):
 """Converts Sigma rule into EQL."""
 identifier = "es-eql"
diff --git a/tools/sigma/sigmac.py b/tools/sigma/sigmac.py
index 50196933b..0da400c2b 100755
--- a/tools/sigma/sigmac.py
+++ b/tools/sigma/sigmac.py
@@ -33,6 +33,7 @@ from sigma.backends.base import BackendOptions
 from sigma.backends.exceptions import BackendError, NotSupportedError, PartialMatchError, FullMatchError
 from sigma.parser.modifiers import modifiers
 import codecs
+import copy
 sys.stdout = codecs.getwriter('utf-8')(sys.stdout.detach())
@@ -249,11 +250,9 @@ def main():
 parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter, sigmafile)
 results = parser.generate(backend)
- nb_result = len(list(parser.generate(backend)))
- if nb_result > 1 :
- inc_filenane = 0
- else:
- inc_filenane = None
+ nb_result = len(list(copy.deepcopy(results)))
+ inc_filenane = None if nb_result < 2 else 0
+
 newline_separator = '\0' if cmdargs.print0 else '\n'
 for result in results:
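Review bot: `nb_result = len(list(copy.deepcopy(results)))` will raise `TypeError` at runtime if `parser.generate(backend)` returns a generator, which the replaced code's second `parser.generate(backend)` call strongly suggests — generator objects cannot be deep-copied (the copy protocol tries to pickle them and refuses). The counting can be done without any copy by materializing the results once: `results = list(parser.generate(backend))` followed by `nb_result = len(results)`; the later `for result in results:` loop then iterates the list unchanged. If `generate()` actually returns a list, the deepcopy is merely wasted work and `len(results)` is still the right form. The enclosing `main()` starts before this hunk and continues past it.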
@@ -275,6 +274,25 @@ def main():
 print("Failed to open output file '%s': %s" % (filename, str(e)), file=sys.stderr)
 exit(ERR_OUTPUT)
 print(result, file=out, end=newline_separator)
+
+ if nb_result == 0: # elastalert return "results=[]" so get a error with out not def
+ if not fileprefix == None and not inc_filenane == None: #yml action
+ try:
+ filename = fileprefix + str(sigmafile.name)
+ filename = filename.replace('.yml','_' + str(inc_filenane) + filename_ext)
+ inc_filenane += 1
+ out = open(filename, "w", encoding='utf-8')
+ except (IOError, OSError) as e:
+ print("Failed to open output file '%s': %s" % (filename, str(e)), file=sys.stderr)
+ exit(ERR_OUTPUT)
+ elif not fileprefix == None and inc_filenane == None: # a simple yml
+ try:
+ filename = fileprefix + str(sigmafile.name)
+ filename = filename.replace('.yml',filename_ext)
+ out = open(filename, "w", encoding='utf-8')
+ except (IOError, OSError) as e:
+ print("Failed to open output file '%s': %s" % (filename, str(e)), file=sys.stderr)
+ exit(ERR_OUTPUT)
 except OSError as e:
 print("Failed to open Sigma file %s: %s" % (sigmafile, str(e)), file=sys.stderr)
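Review bot: The `#yml action` branch inside the new `if nb_result == 0:` block is unreachable: the earlier hunk sets `inc_filenane = None if nb_result < 2 else 0`, so whenever `nb_result == 0` the name is `None`, `not inc_filenane == None` is always false, and `inc_filenane += 1` can never run. The block can be collapsed to the single surviving case, `if nb_result == 0 and fileprefix is not None:  # no output produced; still open the output file so `out` is defined for the cleanup below`, keeping the `'.yml' -> filename_ext` rename and the existing `try`/`except`. The `== None` / `not ... == None` comparisons throughout should be `is None` / `is not None`. The handle assigned to `out` here is never written to or closed within the hunk; the comment implies it exists so later code can close it, but that code is outside the hunk and I cannot confirm it — if nothing closes it, it is a leaked empty file. `main()` begins and ends outside this hunk.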