
Create rule but not send it ElastAlert

Open dplgrail opened this issue 3 years ago • 5 comments

```
ERROR elastalert-server: TestController: Failed to test rule with error: INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent. To send them but remain verbose, use --verbose instead.

Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/opt/elastalert/elastalert/test_rule.py", line 449, in <module>
    main()
  File "/opt/elastalert/elastalert/test_rule.py", line 445, in main
    test_instance.run_rule_test()
  File "/opt/elastalert/elastalert/test_rule.py", line 413, in run_rule_test
    rule_yaml = conf['rules_loader'].load_yaml(args.file)
  File "/opt/elastalert/elastalert/loaders.py", line 197, in load_yaml
    loaded = self.get_yaml(filename)
  File "/opt/elastalert/elastalert/loaders.py", line 526, in get_yaml
    return yaml_loader(filename)
  File "/usr/lib/python3.6/site-packages/PyStaticConfiguration-0.10.5-py3.6.egg/staticconf/loader.py", line 168, in yaml_loader
  File "/usr/lib/python3.6/site-packages/yaml/__init__.py", line 112, in load
    loader = Loader(stream)
  File "/usr/lib/python3.6/site-packages/yaml/loader.py", line 34, in __init__
    Reader.__init__(self, stream)
  File "/usr/lib/python3.6/site-packages/yaml/reader.py", line 85, in __init__
    self.determine_encoding()
  File "/usr/lib/python3.6/site-packages/yaml/reader.py", line 124, in determine_encoding
    self.update_raw()
  File "/usr/lib/python3.6/site-packages/yaml/reader.py", line 178, in update_raw
    data = self.stream.read(size)
  File "/usr/lib/python3.6/codecs.py", line 321, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc3 in position 380: invalid continuation byte
```

I've this issue.... help please

dplgrail avatar Apr 15 '21 08:04 dplgrail
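
The traceback above ends with PyYAML failing to decode the rule file as UTF-8. As an added example (not code from ElastAlert or from anyone in this thread), the check below locates every invalid UTF-8 byte in a rule file so that a rule which cannot be loaded is caught before it is submitted for testing. The function name and the sample rule bytes are constructed for illustration.

```python
from typing import List, NamedTuple


class BadByte(NamedTuple):
    offset: int   # byte offset from start of file (matches "position N" in the error)
    line: int     # 1-based line number
    column: int   # 1-based byte column within the line
    byte: int     # the offending byte value
    reason: str   # reason reported by the UTF-8 decoder


def find_invalid_utf8(data: bytes) -> List[BadByte]:
    """Return every position where `data` is not valid UTF-8."""
    problems = []
    pos = 0
    while pos < len(data):
        try:
            data[pos:].decode("utf-8")
            break  # the remainder is clean
        except UnicodeDecodeError as exc:
            offset = pos + exc.start
            line = data.count(b"\n", 0, offset) + 1
            column = offset - (data.rfind(b"\n", 0, offset) + 1) + 1
            problems.append(BadByte(offset, line, column, data[offset], exc.reason))
            pos = offset + 1  # resume after the bad byte to find later ones
    return problems


# Constructed sample rule: the description contains a truncated multi-byte
# sequence (0xc3 followed by an ASCII letter), which produces the same
# "invalid continuation byte" failure as the traceback.
SAMPLE_RULE = (
    b"name: login-failures\n"
    b"type: frequency\n"
    b"index: auth-*\n"
    b'description: "Falhas de autentica\xc3\xa7\xc3o"\n'
    b"num_events: 5\n"
)

if __name__ == "__main__":
    for p in find_invalid_utf8(SAMPLE_RULE):
        print(f"offset {p.offset} (line {p.line}, col {p.column}): "
              f"byte 0x{p.byte:02x}: {p.reason}")
```

To check a real rule, pass the file's raw bytes, read with `open(path, "rb").read()`, and re-save the file as UTF-8 if anything is reported.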

bitsensor/elastalert is no longer maintained.

nsano-rururu avatar Apr 24 '21 12:04 nsano-rururu

@nsano-rururu
Can you help me with using the API? I've been trying to test rules through the API without success. I have also tried johnsusek/elastalert-server and it seems I'm doing something obviously wrong. Can you provide an example of how to post a test or a rule properly?

simonezambonim avatar Apr 28 '21 14:04 simonezambonim

@simonezambonim

I've only used praecoapp/elastalert-server + praecoapp/praeco or praecoapp/elastalert-server + elastalert-kibana-plugin in Docker, so it's either way, which one do you prefer? By the way, I'm the maintainer of johnsusek/praeco and johnsusek/elastalert-server.

praecoapp/elastalert-server, praecoapp/praeco Docker images: https://hub.docker.com/u/praecoapp

elastalert-kibana-plugin restrictions

  • Although it is unofficial, it corresponds to kibana 7.5.1-7.9.3 https://github.com/nsano-rururu/elastalert-kibana-plugin

  • Kibana 7.10.0 or later is also supported, but it cannot be used because the rule test does not work properly. https://github.com/karql/elastalert-kibana-plugin

nsano-rururu avatar Apr 28 '21 16:04 nsano-rururu

Thanks for the reply @nsano-rururu ! I saw you commenting in other issues and followed your work!

Right now we are just interested in the API and not the UI, though we will keep in mind both these options.
I was able to figure out what I was doing wrong: it was the formatting of the YAML when I added it to my request. Since the YAML needs to be in an inline format, the way I transformed it the first time wasn't right; once I corrected the format it worked! Thanks for the response and for your work!

simonezambonim avatar Apr 28 '21 18:04 simonezambonim

https://github.com/Karql/elastalert2-server

nsano-rururu avatar Jan 10 '22 16:01 nsano-rururu