
Elastalert is broken on python3.9 through `blist` dependency

Open marc- opened this issue 3 years ago • 12 comments

Linux 5.9.0-1-amd64 SMP Debian 5.9.1-1 (2020-10-17) x86_64 GNU/Linux

```
  File ".../elastalert/bin/elastalert-test-rule", line 33, in <module>
    sys.exit(load_entry_point('elastalert==0.2.4', 'console_scripts', 'elastalert-test-rule')())
  File ".../elastalert/bin/elastalert-test-rule", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 790, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File ".../elastalert/lib/python3.9/site-packages/elastalert/test_rule.py", line 15, in <module>
    from elastalert.config import load_conf
  File ".../elastalert/lib/python3.9/site-packages/elastalert/config.py", line 9, in <module>
    from . import loaders
  File ".../elastalert/lib/python3.9/site-packages/elastalert/loaders.py", line 16, in <module>
    from . import ruletypes
  File ".../elastalert/lib/python3.9/site-packages/elastalert/ruletypes.py", line 6, in <module>
    from blist import sortedlist
  File ".../elastalert/lib/python3.9/site-packages/blist/__init__.py", line 2, in <module>
    from blist._blist import *
ImportError: .../elastalert/lib/python3.9/site-packages/blist/_blist.cpython-39-x86_64-linux-gnu.so: undefined symbol: _PyObject_GC_IS_TRACKED
```

marc- avatar Jan 14 '21 17:01 marc-
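A CI preflight for the failure reported above, as an added example (not code from ElastAlert or from anyone in this thread): it imports a module in a child interpreter and classifies the loader error, so an unmaintained compiled dependency is caught before rules are tested or deployed. The function names and result fields are assumptions; `SAMPLE` is the last traceback line from this issue.

```python
import re
import subprocess
import sys

# Loader failure of a compiled extension that references a symbol
# the running interpreter does not export.
UNDEFINED = re.compile(
    r"ImportError: \S+?/(?P<pkg>[^/\s]+)/(?P<ext>\w+)\.cpython-(?P<tag>\d+)"
    r"[^/\s]*\.so: undefined symbol: (?P<symbol>\w+)"
)
MISSING = re.compile(r"ModuleNotFoundError: No module named '([^']+)'")

# Last line of the traceback in this issue, copied from the report.
SAMPLE = (
    "ImportError: .../elastalert/lib/python3.9/site-packages/blist/"
    "_blist.cpython-39-x86_64-linux-gnu.so: undefined symbol: "
    "_PyObject_GC_IS_TRACKED"
)

def classify_import_failure(stderr_text):
    """Turn the stderr of a failed import into a small report dict."""
    m = UNDEFINED.search(stderr_text)
    if m:
        tag = m.group("tag")  # "39" -> "3.9", "310" -> "3.10"
        return {"kind": "undefined-symbol", "package": m.group("pkg"),
                "extension": m.group("ext"), "ext_tag": f"{tag[0]}.{tag[1:]}",
                "symbol": m.group("symbol")}
    m = MISSING.search(stderr_text)
    if m:
        return {"kind": "not-installed", "package": m.group(1).split(".")[0]}
    return {"kind": "other"}

def check_import(module, python=sys.executable):
    """Import `module` in a child process; return None on success."""
    # The name is passed as an argument, never interpolated into code.
    code = "import importlib, sys; importlib.import_module(sys.argv[1])"
    proc = subprocess.run([python, "-c", code, module],
                          capture_output=True, text=True)
    return None if proc.returncode == 0 else classify_import_failure(proc.stderr)

if __name__ == "__main__":
    print(classify_import_failure(SAMPLE))
    failed = {m: r for m in sys.argv[1:] if (r := check_import(m))}
    print(failed)
    sys.exit(1 if failed else 0)
```

Run it with the module names to check as arguments (for example `blist elastalert`); a non-zero exit fails the pipeline step.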

I am issuing a pull request to replace blist with sortedcontainers. I don't know when it will be merged. If you want to run it with Python 3.9, please refer to the contents of the pull request and modify it. Change Library blist to sortedcontainers #3019

nsano-rururu avatar Jan 14 '21 17:01 nsano-rururu

@marc-

The jertel/elastalert alt branch has changed from blist to sorted containers. https://github.com/jertel/elastalert/tree/alt

nsano-rururu avatar Jan 15 '21 17:01 nsano-rururu

Currently blocked by this on Fedora 33 with python 3.9

@Qmando

AnthraX1 avatar Jan 17 '21 03:01 AnthraX1

@AnthraX1

Wouldn't you consider running elastalert with docker? https://hub.docker.com/r/jertel/elastalert-docker

I thought it was no longer possible to ask OSS for proper support. If you don't support me and you're not prepared to fix it yourself and keep using it, you shouldn't keep using OSS.

nsano-rururu avatar Jan 17 '21 04:01 nsano-rururu

@Qmando

Merge pull requests and release pypi, declare end of support, change maintainers, and more. Which one would you like?

nsano-rururu avatar Jan 17 '21 04:01 nsano-rururu

> @AnthraX1
>
> Wouldn't you consider running elastalert with docker? https://hub.docker.com/r/jertel/elastalert-docker
>
> I thought it was no longer possible to ask OSS for proper support. If you don't support me and you're not prepared to fix it yourself and keep using it, you shouldn't keep using OSS.

Thanks for the reply. It's not that I can't run it with docker or pull the source and build it myself. It's just not easy to integrate with our CI/CD system and we can't easily test rules automatically with existing setup.

AnthraX1 avatar Jan 18 '21 01:01 AnthraX1

@AnthraX1

blist has an issue and a pull request due to a python 3.9 issue, but it seems that maintenance has stopped in 2014 and the pull request has not been merged. https://github.com/DanielStutzbach/blist

nsano-rururu avatar Jan 18 '21 17:01 nsano-rururu

Maybe you should create something like elastalert7 package on Pypi.

AnthraX1 avatar Jan 19 '21 15:01 AnthraX1

Yelp/elastalert is no longer maintained. Please use jertel elastalert. Questions to the discussion below https://github.com/jertel/elastalert/discussions

nsano-rururu avatar Apr 24 '21 12:04 nsano-rururu

@AnthraX1

Use ElastAlert2, which also supports python 3.9.

elastalert2 https://pypi.org/project/elastalert2/

nsano-rururu avatar Apr 25 '21 01:04 nsano-rururu

I can't send a warning email, please tell me where I went wrong.

```yaml
name: "a"
type: "frequency"
index: "winlogbeat-*"
is_enabled: true
num_events: 2
realert:
  minutes: 5
terms_size: 50
timeframe:
  minutes: 5
timestamp_field: "@timestamp"
timestamp_type: "iso"
use_strftime_index: false
alert_subject: "Test {} 123 aa☃"
alert_subject_args:
  - "message"
  - "@log_name"
alert_text: "Test {} 123 bb☃"
alert_text_args:
  - "message"
filter:
  - query:
      query_string:
        query: "@timestamp:*"
alert:
  - "email"
# (required, email specific)
# a list of email addresses to send alerts to
email:
```

thongminhqua avatar Aug 15 '22 17:08 thongminhqua

There is a working fork at https://github.com/conda-forge/blist-feedstock

cometta avatar Jan 27 '23 08:01 cometta