Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0
7.99k stars 1.74k forks

elastalert crash when using timestamp_type: unix_ms #1248

Open avihaleva opened 7 years ago

avihaleva commented 7 years ago

elastalert uses a search range filter with a range of doubles (the time in milliseconds with microsecond resolution, e.g. 1501502000.100), which fails on a date Elasticsearch field with epoch_millis format.

When timestamp_type: iso is in use, the query passes fine, but then the returned payload fails to get parsed (because the date field is returned as an int): ERROR:root:Uncaught exception running rule Demo HD Failure: Parser must be a string or character stream, not int

Qmando commented 7 years ago

I think you want unix rather than unix_ms. 1501502000.100 is a unix timestamp in seconds, compared to 1501502000100, which would be unix_ms.
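To make the seconds-versus-milliseconds mix-up from this thread concrete, here is an added example (written for this page, not ElastAlert's own code; the function names and the 1e11 seconds/milliseconds cut-off are this example's assumptions). It builds the range-query value for each timestamp_type, parses the field a hit would return, and reproduces the "Parser must be a string or character stream, not int" failure when an epoch_millis field (returned as an int) meets the iso parser.

```python
"""Added example: what each timestamp_type puts into the range query and how the
returned field is parsed back. Illustration code, not ElastAlert's helpers."""
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample instant: its unix time is 1501502000.1 seconds, which is
# 1501502000100 milliseconds (the two numbers discussed in the issue).
SAMPLE = datetime(2017, 7, 31, 11, 53, 20, 100000, tzinfo=timezone.utc)


def dt_to_query_value(dt, timestamp_type):
    """Value that would be placed in the range filter for timestamp_type."""
    utc = dt.astimezone(timezone.utc)
    since_epoch = utc - EPOCH
    if timestamp_type == "iso":
        # ISO 8601, millisecond precision, explicit UTC designator
        return utc.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    if timestamp_type == "unix":
        # float seconds (a double): 1501502000.1 -- this is what an
        # epoch_millis field cannot accept
        return since_epoch.total_seconds()
    if timestamp_type == "unix_ms":
        # integer milliseconds, computed with integer arithmetic only
        return since_epoch // timedelta(milliseconds=1)
    raise ValueError("unknown timestamp_type: %r" % timestamp_type)


def field_to_dt(value, timestamp_type):
    """Parse the timestamp field of a returned hit according to timestamp_type."""
    if timestamp_type == "iso":
        if not isinstance(value, str):
            # Same failure mode as the report: an ISO parser only takes strings,
            # but an epoch_millis field comes back from Elasticsearch as an int.
            raise TypeError("Parser must be a string or character stream, not %s"
                            % type(value).__name__)
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
        return parsed.replace(tzinfo=timezone.utc)
    if timestamp_type == "unix":
        return EPOCH + timedelta(seconds=float(value))
    if timestamp_type == "unix_ms":
        return EPOCH + timedelta(milliseconds=int(value))
    raise ValueError("unknown timestamp_type: %r" % timestamp_type)


def parse_or_error(value, timestamp_type):
    """Return (datetime, None) on success or (None, error message) on failure."""
    try:
        return field_to_dt(value, timestamp_type), None
    except (TypeError, ValueError) as exc:
        return None, str(exc)


def guess_timestamp_type(value):
    """Heuristic (an assumption of this example, not an ElastAlert rule):
    strings are iso; numbers below 1e11 are seconds (1e11 s is in year 5138),
    anything larger is milliseconds."""
    if isinstance(value, str):
        return "iso"
    return "unix" if abs(value) < 1e11 else "unix_ms"


if __name__ == "__main__":
    for ttype in ("iso", "unix", "unix_ms"):
        sent = dt_to_query_value(SAMPLE, ttype)
        back, err = parse_or_error(sent, ttype)
        print("%-8s query value %-26r round-trips to %s" % (ttype, sent, back))
    # The mismatch from the report: epoch_millis field (int) with timestamp_type: iso
    print("iso parser on int field:", parse_or_error(1501502000100, "iso")[1])
    print("1501502000.100 looks like", guess_timestamp_type(1501502000.100))
    print("1501502000100 looks like", guess_timestamp_type(1501502000100))
```

Running it shows the value 1501502000.100 classifies as seconds (unix) and 1501502000100 as milliseconds (unix_ms), which is the distinction Qmando draws: pick the timestamp_type that matches both the field's mapping format and the type Elasticsearch returns in hits, since the same setting controls the query value and the parser.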