elastalert-kibana-plugin icon indicating copy to clipboard operation
elastalert-kibana-plugin copied to clipboard

Published 20 hours ago verified publisher icon bitsensor

elastalert error

Open meriem-ux opened this issue 5 years ago • 3 comments

hi i run elastalert in docker by this commande:

docker run -d -p 3030:3030 -p 3333:3333
-v pwd/config/elastalert.yaml:/opt/elastalert/config.yaml
-v pwd/config/elastalert-test.yaml:/opt/elastalert/config-test.yaml
-v pwd/config/config.json:/opt/elastalert-server/config/config.json
-v pwd/rules:/opt/elastalert/rules
-v pwd/rule_templates:/opt/elastalert/rule_templates
--net="host"
--name elastalert bitsensor/elastalert:3.0.0-beta.1

but i have this issue:

08:43:53.956Z ERROR elastalert-server: ProcessController: WARNING:elasticsearch:GET http://51.77.:9200/elastalert_status/_search?size=1000 [status:400 request:0.054s] ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') {'sort': {'alert_time': {'order': 'asc'}}, 'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2019-10-04T08:43:53.900845Z', 'from': '2019-10-02T08:43:53.900788Z'}}}, 'must': {'query_string': {'query': '!exists:aggregate_id AND alert_sent:false'}}}}} Traceback (most recent call last): File "/opt/elastalert/elastalert/elastalert.py", line 1528, in find_recent_pending_alerts res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000) File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped return func(*args, params=params, **kwargs) File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/client/init.py", line 819, in search "GET", _make_path(index, "_search"), params=params, body=body File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/transport.py", line 353, in perform_request timeout=timeout, File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/connection/http_requests.py", line 155, in perform_request self._raise_error(response.status_code, raw_data) File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/connection/base.py", line 178, in _raise_error status_code, error_message, additional_info RequestError: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') can any one help me to solve it:

meriem-ux avatar Oct 04 '19 08:10 meriem-ux

you can del elastalert's old index, it can recreate elastalert index, try it

man-chen-TW avatar Oct 05 '19 02:10 man-chen-TW

@man-chen-TW plz how can delete old index???

meriem-ux avatar Oct 07 '19 10:10 meriem-ux

@meriem-ux view your index localhost:9200/_cat/indices/e*

green open elastalert_status_past    Fto3850HSeifknxfMj7I4g 5 1     0 0   2.5kb   1.2kb
green open elastalert_status_status  _hL74rNVTcuMligZzf54_Q 5 1 68098 0  19.5mb   9.7mb
green open elastalert_status         d0CKZ2MmRnqELrewingsag 5 1  7409 0  14.6mb   7.3mb
green open elastalert_status_error   e2Z14Q5pTqexlp_nHR0I0g 5 1   157 0 985.1kb 492.5kb
green open elastalert_status_silence WmgBOeRyR1GgdErZoUhmcA 5 1  7409 0   1.4mb 743.3kb

save your rules and delete indexs

curl -XDELETE localhost:9200/elastalert_statu*

ymrsmns avatar Oct 07 '19 23:10 ymrsmns