I did several rules with a particular index using Elastalert jertel docker and it works well.
I have created a new rule with another index of Elasticsearch and encounterd an issue never seen before where I'm stucked
`File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 1235, in handle_rule_execution
num_matches = self.run_rule(rule, endtime, rule.get('initial_starttime'))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 889, in run_rule
if self.is_silenced(rule['name'] + "._silence") or self.is_silenced(silence_cache_key):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 1728, in is_silenced
until_ts = res['hits']['hits'][0]['_source']['until']
KeyError: 'until'
`
I don't understand at all what it means and how to solve it, any clue ?
I did several rules with a particular index using Elastalert jertel docker and it works well. I have created a new rule with another index of Elasticsearch and encounterd an issue never seen before where I'm stucked `File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 1235, in handle_rule_execution num_matches = self.run_rule(rule, endtime, rule.get('initial_starttime')) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 889, in run_rule if self.is_silenced(rule['name'] + "._silence") or self.is_silenced(silence_cache_key): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 1728, in is_silenced until_ts = res['hits']['hits'][0]['_source']['until']