启动时，提示IndentationError: unexpected indent

[weihc02]

[root@iZ94rc264jtZ elastalert]# python2.7 -m elastalert.elastalert --verbose --config config.yaml --rule es_rules/wechart.yaml /usr/lib/python2.7/site-packages/requests/init.py:80: RequestsDependencyWarning: urllib3 (1.22) or chardet (2.2.1) doesn't match a supported version! RequestsDependencyWarning) Traceback (most recent call last): File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main "main", fname, loader, pkg_name) File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code exec code in run_globals File "/usr/local/elastalert/elastalert/elastalert.py", line 1925, in sys.exit(main(sys.argv[1:])) File "/usr/local/elastalert/elastalert/elastalert.py", line 1919, in main client = ElastAlerter(args) File "/usr/local/elastalert/elastalert/elastalert.py", line 108, in init self.conf = load_rules(self.args) File "elastalert/config.py", line 500, in load_rules rule = load_configuration(rule_file, conf, args) File "elastalert/config.py", line 133, in load_configuration load_modules(rule, args) File "elastalert/config.py", line 382, in load_modules rule['alert'] = load_alerts(rule, alert_field=rule['alert']) File "elastalert/config.py", line 440, in load_alerts alert_field = [create_alert(a, b) for a, b in alert_field] File "elastalert/config.py", line 425, in create_alert alert_class = alerts_mapping.get(alert) or get_module(alert) File "elastalert/config.py", line 110, in get_module base_module = import(module_path, globals(), locals(), [module_class]) File "elastalert_modules/wechat_qiye_alert.py", line 24 def init(self, *args): IndentationError: unexpected indent

py脚本是直接git下载，语法检查也看不什么问题？

[Hello-Linux]

@weihc02 你好,这个问题问题已经修复了,主要是本地包含了特殊字符导致的.如果还有其他问题请留言

[weihc02]

好的，我再试下，可以考虑支持docker 镜像？

[weihc02]

ERROR:root:Error running query: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [@timestamp] in order to sort on') INFO:elastalert:Ran schedule from 2019-02-21 12:41 CST to 2019-02-21 12:56 CST: 0 query hits (0 already seen), 0 matches, 0 alerts sent INFO:elastalert:Sleeping for 59.980169 seconds

模式是@timestamp查询自动，elk默认不是这个，要去哪里修改？

[Hello-Linux]

@weihc02 恩恩谢谢你的提议,下周我就发布到docker hub上. 运行 curl -XGET 'http://elasticsearch地址:9200/elastalert_status/_mapping/'

有没有类似的输出

里面应该有@timestamp这个字段的

[Hello-Linux]

@weihc02 你的"@timestamp 在elastalert_status索引中存在么？ elastalert-create-index` 运行了么?

[weihc02]

在config.py 我把默认的改了，重新运行

INFO:elastalert:Queried rule schedule from 2019-02-21 13:08 CST to 2019-02-21 13:11 CST: 1 / 1 hits /usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) /usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) INFO:elastalert:send msg and response: {"errcode":0,"errmsg":"ok","invaliduser":"15999552312"} INFO:elastalert:send message to ww10575631340b7ca8

[weihc02]

curl -XGET 'http://127.0.0.1:9200/elastalert_status/_mapping/' {"elastalert_status":{"mappings":{"elastalert":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"aggregate_id":{"type":"keyword"},"alert_info":{"properties":{"type":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"alert_sent":{"type":"boolean"},"alert_time":{"type":"date","format":"dateOptionalTime"},"match_body":{"type":"object","enabled":false},"match_time":{"type":"date","format":"dateOptionalTime"},"rule_name":{"type":"keyword"}}}}}}[root@iZ94rc264jtZ elastalert]

[Hello-Linux]

@weihc02 现在正常了么?

[weihc02]

不正常，没有推到微信。INFO:elastalert:send msg and response: {"errcode":0,"errmsg":"ok","invaliduser":"15999552312"}

这个是无效的用户，微信号是手机号码，怎么会是invaliduser？

[Hello-Linux]

@weihc02 这个要用你微信企业通讯录中的账号ID,我刚更新了代码图片你可以看看去

[weihc02]

是的，确实是这个问题，改了之后可以了。谢谢。期待docker 镜像，更加方便。

[Hello-Linux]

@weihc02 记得加个星星呦! 镜像下周一上

[weihc02]

ok

[weihc02]

用了镜像，启动了一会，就自动停止了，请问日志输出再什么地方？

[weihc02]

Traceback (most recent call last): File "/usr/local/bin/elastalert-create-index", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')() File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main esversion = es.info()["version"]["number"] File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped return func(*args, params=params, **kwargs) File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info return self.transport.perform_request('GET', '/', params=params) File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request raise ConnectionTimeout('TIMEOUT', str(e), e) elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f9012e7ea10>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)'))) Traceback (most recent call last): File "/usr/local/bin/elastalert", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point return ep.load() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load return self.resolve() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve module = import(self.module_name, fromlist=['name'], level=0) File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in from alerts import DebugAlerter File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in from thehive4py.api import TheHiveApi File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in import magic File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in raise ImportError('failed to find libmagic. Check your installation') ImportError: failed to find libmagic. Check your installation Traceback (most recent call last): File "/usr/local/bin/elastalert-create-index", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')() File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main esversion = es.info()["version"]["number"] File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped return func(*args, params=params, **kwargs) File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info return self.transport.perform_request('GET', '/', params=params) File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request raise ConnectionTimeout('TIMEOUT', str(e), e) elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f7c333fec90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)'))) Traceback (most recent call last): File "/usr/local/bin/elastalert", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point return ep.load() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load return self.resolve() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve module = import(self.module_name, fromlist=['name'], level=0) File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in from alerts import DebugAlerter File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in from thehive4py.api import TheHiveApi File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in import magic File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in raise ImportError('failed to find libmagic. Check your installation') ImportError: failed to find libmagic. Check your installation Traceback (most recent call last): File "/usr/local/bin/elastalert-create-index", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')() File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main esversion = es.info()["version"]["number"] File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped return func(*args, params=params, **kwargs) File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info return self.transport.perform_request('GET', '/', params=params) File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request raise ConnectionTimeout('TIMEOUT', str(e), e) elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fbccc82ec90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)'))) Traceback (most recent call last): File "/usr/local/bin/elastalert", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point return ep.load() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load return self.resolve() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve module = import(self.module_name, fromlist=['name'], level=0) File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in from alerts import DebugAlerter File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in from thehive4py.api import TheHiveApi File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in import magic File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in raise ImportError('failed to find libmagic. Check your installation') ImportError: failed to find libmagic. Check your installation Traceback (most recent call last): File "/usr/local/bin/elastalert-create-index", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')() File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main esversion = es.info()["version"]["number"] File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped return func(*args, params=params, **kwargs) File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info return self.transport.perform_request('GET', '/', params=params) File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request raise ConnectionTimeout('TIMEOUT', str(e), e) elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f80dc487c90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)'))) Traceback (most recent call last): File "/usr/local/bin/elastalert", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point return ep.load() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load return self.resolve() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve module = import(self.module_name, fromlist=['name'], level=0) File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in from alerts import DebugAlerter File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in from thehive4py.api import TheHiveApi File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in import magic File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in raise ImportError('failed to find libmagic. Check your installation') ImportError: failed to find libmagic. Check your installation Traceback (most recent call last): File "/usr/local/bin/elastalert-create-index", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')() File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main esversion = es.info()["version"]["number"] File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped return func(*args, params=params, **kwargs) File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info return self.transport.perform_request('GET', '/', params=params) File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request raise ConnectionTimeout('TIMEOUT', str(e), e) elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fa5c8c8cc90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)'))) Traceback (most recent call last): File "/usr/local/bin/elastalert", line 11, in load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point return ep.load() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load return self.resolve() File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve module = import(self.module_name, fromlist=['name'], level=0) File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in from alerts import DebugAlerter File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in from thehive4py.api import TheHiveApi File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in import magic File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in raise ImportError('failed to find libmagic. Check your installation') ImportError: failed to find libmagic. Check your installation