ElastAlert Server Fails to Start
I have never used ElastAlert nor Docker before, so I am completely lost on how to troubleshoot this. I would appreciate any help!
I followed the documentation to install on my development Elastic server running Ubuntu (Elasticsearch, Kibana, and Logstash are on the same host). The Kibana plug-in seems to have installed properly, as I can see the ElastAlert icon on the navigation bar. Clicking on it gives me a 502 error saying it cannot connect to 127.0.0.1:3030. I tried to curl the localhost on port 3030, and there was no response. Since I have never used Docker before, it took a while to figure out how to even see what was happening when I try to start the container (--interactive). When trying to run with the --interactive flag, here is what I get:
```
me@devserver:/opt/elastalert# docker run -d -p 3030:3030 -p 3333:3333 \
> -v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
> -v `pwd`/config/elastalert-test.yaml:/opt/elastalert/config-test.yaml \
> -v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
> -v `pwd`/rules:/opt/elastalert/rules \
> -v `pwd`/rule_templates:/opt/elastalert/rule_templates \
> --net="host" \
> --name elastalert bitsensor/elastalert:latest
Unable to find image 'bitsensor/elastalert:latest' locally
latest: Pulling from bitsensor/elastalert
e7c96db7181b: Pull complete
a9b145f64bbe: Pull complete
3bcb5e14be53: Pull complete
c7eba4f91c52: Pull complete
f404eba5b52b: Pull complete
ba2471f84d98: Pull complete
c94b7abcf496: Pull complete
80048254d1c2: Pull complete
b31aaa1e4bc4: Pull complete
4dda5b4cc83c: Pull complete
7bbb929b0d36: Pull complete
44fec82996d4: Pull complete
ff8f4a3d434f: Pull complete
553cf29ddc41: Pull complete
0f4503324961: Pull complete
Digest: sha256:c80f54a6743778908a08876e157bea8013a92e5dabfdf4fca0737d3e7d105b97
Status: Downloaded newer image for bitsensor/elastalert:latest
WARNING: Published ports are discarded when using host network mode
063bf0d3facaa3c7ad5357f7a11c8c238dee7a2c12980eb28e18f0a57a2db0dd
me@devserver:/opt/elastalert# docker start --interactive elastalert
> @bitsensor/[email protected] start /opt/elastalert-server
> sh ./scripts/start.sh
21:44:07.371Z INFO elastalert-server: Config: No config.dev.json file was found in /opt/elastalert-server/config/config.dev.json.
21:44:07.373Z INFO elastalert-server: Config: Proceeding to look for normal config file.
21:44:07.374Z INFO elastalert-server: Config: A config file was found in /opt/elastalert-server/config/config.json. Using that config.
21:44:07.385Z INFO elastalert-server: Router: Listening for GET request on /.
21:44:07.385Z INFO elastalert-server: Router: Listening for GET request on /status.
21:44:07.385Z INFO elastalert-server: Router: Listening for GET request on /status/control/:action.
21:44:07.385Z INFO elastalert-server: Router: Listening for GET request on /status/errors.
21:44:07.385Z INFO elastalert-server: Router: Listening for GET request on /rules.
21:44:07.388Z INFO elastalert-server: Router: Listening for GET request on /rules/:id.
21:44:07.388Z INFO elastalert-server: Router: Listening for POST request on /rules/:id.
21:44:07.388Z INFO elastalert-server: Router: Listening for DELETE request on /rules/:id.
21:44:07.389Z INFO elastalert-server: Router: Listening for GET request on /templates.
21:44:07.389Z INFO elastalert-server: Router: Listening for GET request on /templates/:id.
21:44:07.389Z INFO elastalert-server: Router: Listening for POST request on /templates/:id.
21:44:07.389Z INFO elastalert-server: Router: Listening for DELETE request on /templates/:id.
21:44:07.389Z INFO elastalert-server: Router: Listening for POST request on /test.
21:44:07.390Z INFO elastalert-server: Router: Listening for GET request on /config.
21:44:07.390Z INFO elastalert-server: Router: Listening for POST request on /config.
21:44:07.390Z INFO elastalert-server: Router: Listening for POST request on /download.
21:44:07.390Z INFO elastalert-server: Router: Listening for GET request on /metadata/:type.
21:44:07.391Z INFO elastalert-server: Router: Listening for GET request on /mapping/:index.
21:44:07.391Z INFO elastalert-server: Router: Listening for POST request on /search/:index.
21:44:07.401Z INFO elastalert-server: ProcessController: Starting ElastAlert
21:44:07.401Z INFO elastalert-server: ProcessController: Creating index
21:44:07.835Z INFO elastalert-server:
ProcessController: Elastic Version:7
Mapping used for string:{'type': 'keyword'}
Index elastalert_status already exists. Skipping index creation.
21:44:07.835Z INFO elastalert-server: ProcessController: Index create exited with code 0
21:44:07.836Z INFO elastalert-server: ProcessController: Starting elastalert with arguments [none]
21:44:07.843Z INFO elastalert-server: ProcessController: Started Elastalert (PID: 36)
21:44:07.844Z INFO elastalert-server: Server: Server listening on port 3030
21:44:07.845Z INFO elastalert-server: Server: Websocket listening on port 3333
21:44:07.846Z INFO elastalert-server: Server: Server started
21:44:08.542Z ERROR elastalert-server:
ProcessController: Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
21:44:08.543Z ERROR elastalert-server:
ProcessController: "__main__", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/opt/elastalert/elastalert/elastalert.py", line 1929, in <module>
sys.exit(main(sys.argv[1:]))
File "/opt/elastalert/elastalert/elastalert.py", line 1925, in main
21:44:08.543Z ERROR elastalert-server:
ProcessController: client.start()
File "/opt/elastalert/elastalert/elastalert.py", line 1106, in start
21:44:08.543Z ERROR elastalert-server: ProcessController:
21:44:08.543Z ERROR elastalert-server:
ProcessController: self.run_all_rules()
File "/opt/elastalert/elastalert/elastalert.py", line 1158, in run_all_rules
21:44:08.544Z ERROR elastalert-server: ProcessController:
21:44:08.544Z ERROR elastalert-server:
ProcessController: self.send_pending_alerts()
File "/opt/elastalert/elastalert/elastalert.py", line 1534, in send_pending_alerts
21:44:08.545Z ERROR elastalert-server:
ProcessController: pending_alerts = self.find_recent_pending_alerts(self.alert_time_limit)
File "/opt/elastalert/elastalert/elastalert.py", line 1526, in find_recent_pending_alerts
21:44:08.545Z ERROR elastalert-server:
ProcessController: size=1000)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped
21:44:08.545Z ERROR elastalert-server:
ProcessController: return func(*args, params=params, **kwargs)
TypeError: search() got an unexpected keyword argument 'doc_type'
21:44:08.572Z ERROR elastalert-server: ProcessController: ElastAlert exited with code 1
21:44:08.572Z INFO elastalert-server: Server: Stopping server
21:44:08.572Z INFO elastalert-server: ProcessController: ElastAlert is not running
21:44:08.573Z INFO elastalert-server: Server: Server stopped. Bye!
me@devserver:/opt/elastalert#
```
Since everything is running on the localhost, I am guessing the default installation should work out of the box, no? What am I missing here? Why am I getting all these errors?
Again, I would appreciate any help in getting this to work.
Thank you, Mako
Any update to this one? Facing same
any update ?
Looks like an elasticsearch version mismatch (7 seems to be used, with an older ElastAlert version)
On Thu 12 Sep 2019 at 06:24, Supaman [email protected] wrote:
any update ?
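A small triage helper, added here as an example (not part of the plugin, the image, or anyone's code in this thread), that pulls the Elasticsearch major version, the elasticsearch-py client version and the failing call out of a pasted elastalert-server log and reports the mismatch the reply above points to. The log excerpt is a constructed sample copied from the lines in the issue; the regexes and verdict strings are my own.

```python
import re

# Constructed excerpt of the elastalert-server log posted in the issue.
LOG_EXCERPT = """\
21:44:07.835Z INFO elastalert-server:
ProcessController: Elastic Version:7
21:44:07.846Z INFO elastalert-server: Server: Server started
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped
TypeError: search() got an unexpected keyword argument 'doc_type'
21:44:08.572Z ERROR elastalert-server: ProcessController: ElastAlert exited with code 1
"""

# Server major version as printed by ElastAlert's index-creation step.
SERVER_RE = re.compile(r"Elastic Version:\s*(\d+)")
# Client library version, taken from the egg path in the traceback.
CLIENT_RE = re.compile(r"elasticsearch-(\d+)\.(\d+)\.(\d+)-py\d")
# The failing client call that was handed a doc_type keyword.
DOC_TYPE_RE = re.compile(r"TypeError: (\w+)\(\) got an unexpected keyword argument 'doc_type'")
EXIT_RE = re.compile(r"ElastAlert exited with code (\d+)")


def diagnose(log_text):
    """Extract versions and the failing call from an elastalert-server log
    and classify why ElastAlert died (returns a plain dict)."""
    server = SERVER_RE.search(log_text)
    client = CLIENT_RE.search(log_text)
    doc_type = DOC_TYPE_RE.search(log_text)
    exit_code = EXIT_RE.search(log_text)
    report = {
        "server_major": int(server.group(1)) if server else None,
        "client_version": tuple(int(g) for g in client.groups()) if client else None,
        "failing_call": doc_type.group(1) if doc_type else None,
        "exit_code": int(exit_code.group(1)) if exit_code else None,
    }
    if doc_type and report["client_version"] and report["client_version"][0] >= 7:
        report["verdict"] = "version mismatch"
        report["detail"] = ("elasticsearch-py %d.%d.%d rejects the doc_type argument this "
                            "ElastAlert build passes to %s(); the bundled ElastAlert is older "
                            "than its Elasticsearch 7 client" % (report["client_version"] + (report["failing_call"],)))
    elif report["exit_code"] not in (None, 0):
        report["verdict"] = "elastalert crashed"
    else:
        report["verdict"] = "no crash detected"
    return report


if __name__ == "__main__":
    for key, value in diagnose(LOG_EXCERPT).items():
        print("%s: %s" % (key, value))
```

Feed it the whole `docker start --interactive` output; the timestamped logger prefixes do not matter because each pattern is matched against the full text.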