Я создаю приложение, в котором мне нужно отправить письмо с elastalert.
Когда я запускаю команду python -m elastalert.elastalert --verbose --rule myrules\myrule.yaml
чтобы вызвать правило, у меня есть исключение следующим образом:
:\ELK_Info\ElastAlert\elastalert-master>python -m elastalert.elastalert --verbose --rule myrules\myrule.yaml
INFO:elastalert:Starting up
WARNING:elasticsearch:GET http://localhost:9200/elastalert_status_status/elastalert/_search?size=1000 [status:400 request:0.034s]
ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on'){'sort': {'alert_time': {'order': 'asc'}},
'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2018-09-10T06:09:15.858Z', 'from': '2018-09-08T06:09:15.858Z'}}},
'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}}}}
Traceback (most recent call last):File "D:\ELK_Info\ElastAlert\elastalert-master\elastalert\elastalert.py", line 1522, in find_recent_pending_alerts size=1000)
File "C:\Python27\lib\site-packages\elasticsearch\client\utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "C:\Python27\lib\site-packages\elasticsearch\client\__init__.py", line 66
0, in search doc_type, '_search'), params=params, body=body)
File "C:\Python27\lib\site-packages\elasticsearch\transport.py", line 318, in
perform_request
status, headers_response, data = connection.perform_request(method, url, par
ams, body, headers=headers, ignore=ignore, timeout=timeout)
File "C:\Python27\lib\site-packages\elasticsearch\connection\http_requests.py"
, line 90, in perform_request self._raise_error(response.status_code, raw_data)
File "C:\Python27\lib\site-packages\elasticsearch\connection\base.py", line 12
5, in _raise_error raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_me
ssage, additional_info)
RequestError: RequestError(400, u'search_phase_execution_exception', u'No mappin
g found for [alert_time] in order to sort on')
INFO:elastalert:Queried rule Log Level Test from 2018-09-10 11:39 India Standard
Time to 2018-09-10 11:39 India Standard Time: 0 / 0 hits
INFO:elastalert:Ran Log Level Test from 2018-09-10 11:39 India Standard Time to
2018-09-10 11:39 India Standard Time: 0 query hits (0 already seen), 0 matches,
0 alerts sent
INFO:elastalert:Sleeping for 1.844 seconds
INFO:elastalert:SIGINT received, stopping ElastAlert...
No mapping found for [alert_time] in order to sort on
http://localhost:9200/elastalert_status_status/_mapping/elastalert_status
Вывод этого API выглядит следующим образом:
{
"elastalert_status_status": {
"mappings": {
"elastalert_status": {
"properties": {
"@timestamp": {
"type": "date"
},
"endtime": {
"type": "date"
},
"hits": {
"type": "long"
},
"matches": {
"type": "long"
},
"rule_name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"starttime": {
"type": "date"
},
"time_taken": {
"type": "float"
}
}
}
}
}
}
Содержимое файла правила:
es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
hours: 4
filter:
- term:
log_level.keyword: "ERROR"
- query:
query_string:
query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"
Любая идея, чтобы решить то же самое, пожалуйста?