ERROR elastalert-server #195

xiahuhu1 · 2020-12-25T12:11:52Z

Version Info

kibana version: 7.9.0
elasticsearch: 7.9.0
elastalert: 3.0.0-beta.0

Docker Run

#!/bin/bash
docker stop elastalert
docker rm -f elastalert

docker run -d \
	-p 3030:3030 \
	-v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
	-v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
	-v `pwd`/rules:/opt/elastalert/rules \
	-v `pwd`/rule_templates:/opt/elastalert/rule_templates \
	-v `pwd`/smtp_auth_file.yaml:/opt/elastalert/smtp_auth_file.yaml \
	--net="host" \
	--name elastalert \
	--restart=always \
	bitsensor/elastalert:3.0.0-beta.0

Config.json

 "es_host": "10.0.0.51",
  "es_port": 9200,
  "writeback_index": "elastalert_status"

Elastalert.yaml

I've revised the elastalert.yaml file:

es_host: 10.0.0.51

# The elasticsearch port
es_port: 9200

# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: rules

Error logs

12:08:18.521Z ERROR elastalert-server:
    ProcessController:  WARNING:elasticsearch:GET http://10.0.0.51:9200/elastalert_status/_search?size=1000 [status:400 request:0.003s]
    
12:08:18.522Z ERROR elastalert-server:
    ProcessController:  ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') {'sort': {'alert_time': {'order': 'asc'}}, 'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2020-12-25T12:08:18.518372Z', 'from': '2020-12-23T12:08:18.518346Z'}}}, 'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}}}}
    Traceback (most recent call last):
      File "/opt/elastalert/elastalert/elastalert.py", line 1604, in find_recent_pending_alerts
        res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
      File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped
        return func(*args, params=params, **kwargs)
      File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/__init__.py", line 818, in search
        "GET", _make_path(index, "_search"), params=params, body=body
      File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/transport.py", line 353, in perform_request
        timeout=timeout,
      File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/connection/http_requests.py", line 143, in perform_request
        self._raise_error(response.status_code, raw_data)
      File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/connection/base.py", line 168, in _raise_error
        status_code, error_message, additional_info
    RequestError: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on')

And the elasticsearch server is normal,Please tell me how to solve this problem.

Looking forward to your reply,thanks!!

The text was updated successfully, but these errors were encountered:

zza210 · 2022-05-05T07:59:19Z

See 'No mapping found for [alert_time] in order to sort on', it means something went wrong when elastalert creating index (likely caused by previous elastalert start failure). Just delete the existing elastalert_* indices auto created by elastalert in your elasticsearch cluster and restart elastalert.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ERROR elastalert-server #195

ERROR elastalert-server #195

xiahuhu1 commented Dec 25, 2020

zza210 commented May 5, 2022

ERROR elastalert-server #195

ERROR elastalert-server #195

Comments

xiahuhu1 commented Dec 25, 2020

Version Info

Docker Run

Config.json

Elastalert.yaml

Error logs

zza210 commented May 5, 2022