Version Info
kibana version: 7.9.0
elasticsearch: 7.9.0
elastalert: 3.0.0-beta.0
Docker Run
#!/bin/bash
docker stop elastalert
docker rm -f elastalert
docker run -d \
-p 3030:3030 \
-v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
-v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
-v `pwd`/rules:/opt/elastalert/rules \
-v `pwd`/rule_templates:/opt/elastalert/rule_templates \
-v `pwd`/smtp_auth_file.yaml:/opt/elastalert/smtp_auth_file.yaml \
--net="host" \
--name elastalert \
--restart=always \
bitsensor/elastalert:3.0.0-beta.0
Config.json
"es_host": "10.0.0.51",
"es_port": 9200,
"writeback_index": "elastalert_status"
Elastalert.yaml
I've revised the elastalert.yaml file:
es_host: 10.0.0.51
# The elasticsearch port
es_port: 9200
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: rules
Error logs
12:08:18.521Z ERROR elastalert-server:
ProcessController: WARNING:elasticsearch:GET http://10.0.0.51:9200/elastalert_status/_search?size=1000 [status:400 request:0.003s]
12:08:18.522Z ERROR elastalert-server:
ProcessController: ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') {'sort': {'alert_time': {'order': 'asc'}}, 'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2020-12-25T12:08:18.518372Z', 'from': '2020-12-23T12:08:18.518346Z'}}}, 'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}}}}
Traceback (most recent call last):
File "/opt/elastalert/elastalert/elastalert.py", line 1604, in find_recent_pending_alerts
res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/__init__.py", line 818, in search
"GET", _make_path(index, "_search"), params=params, body=body
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/transport.py", line 353, in perform_request
timeout=timeout,
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/connection/http_requests.py", line 143, in perform_request
self._raise_error(response.status_code, raw_data)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/connection/base.py", line 168, in _raise_error
status_code, error_message, additional_info
RequestError: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on')
And the elasticsearch server is normal. Please tell me how to solve this problem.
Looking forward to your reply, thanks!!