bitsensor / elastalert-kibana-plugin

ElastAlert Kibana Plugin
https://bitsensor.io/blog/elastalert-kibana-plugin-centralized-logging-with-integrated-alerting

Kibana 7.2.0 #115

Open jurgenhaas opened 5 years ago

jurgenhaas commented 5 years ago

Looks like the new Kibana version 7.2.0 also requires a new version of this plugin. Are you going to provide one?

webhead404 commented 5 years ago

You can modify package.json in the plugin to represent 7.2.0, i.e.

```json
{
  "name": "elastalert-kibana-plugin",
  "version": "1.0.4",
  "description": "Create, test and edit ElastAlert rules within Kibana.",
  "main": "index.js",
  "license": "SEE LICENSE IN LICENSE.md",
  "kibana": {
    "version": "7.2.0",
    "templateVersion": "1.0.0"
  }
}
```
levanvunam commented 5 years ago

> You can modify package.json in the plugin to represent 7.2.0, i.e.
>
> ```json
> {
>   "name": "elastalert-kibana-plugin",
>   "version": "1.0.4",
>   "description": "Create, test and edit ElastAlert rules within Kibana.",
>   "main": "index.js",
>   "license": "SEE LICENSE IN LICENSE.md",
>   "kibana": {
>     "version": "7.2.0",
>     "templateVersion": "1.0.0"
>   }
> }
> ```

It doesn't work with 7.2.0 that way anymore. So I think it may need new plugins. Also waiting for this.

webhead404 commented 5 years ago

I might have got lucky. All Kibana does is extract the zip to the proper directory, and my cluster was already on 7.1. After upgrading my cluster I changed the file and it worked flawlessly for me.

max-xface commented 5 years ago

Installed ELK 7.2, installed the plugin by changing the version in the package.json. The plugin does not work; the error is:

```json
{"type":"log","@timestamp":"2019-06-28T12:38:36Z","tags":["plugin","warning"],"pid":24851,"path":"/usr/share/kibana/plugins/elastalert-kibana-plugin","message":"Skipping non-plugin directory at /usr/share/kibana/plugins/elastalert-kibana-plugin"}
```

zabzd999 commented 5 years ago

It works well as webhead404 said.

levanvunam commented 5 years ago

> It works well as webhead404 said.

@zabzd999 @webhead404 are you both using 7.2 or just 7.1.x? Because previously I could also make it work with the 7.1.1 version but not 7.2. I saw some breaking changes in the Kibana 7.2 layout also.

webhead404 commented 5 years ago

I was using 7.1 and upgraded to Kibana 7.2. This broke the plugin, so after stopping Kibana again I edited the file and restarted it. Then it worked fine.

max-xface commented 5 years ago

Works if you install the plugin manually without using the kibana script
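
The workaround the thread converges on (bump `kibana.version` in the plugin's package.json, skip `bin/kibana-plugin`, copy the directory into Kibana's plugins folder while Kibana is stopped) as one script. This is an added example, not code from the plugin project or from anyone in this thread. It patches only the nested `kibana.version`, leaving the plugin's own `version` alone, and the package.json it operates on is constructed inline from the one posted above. The target version, the temporary paths and the plugin directory name are assumptions; on the install in this thread the real destination is `/usr/share/kibana/plugins`. Because this bypasses the installer, fetch the plugin archive from the project's release page over HTTPS and keep a record of exactly which archive you unpacked.

```shell
#!/bin/sh
# Added example, not the plugin's own code: bump the Kibana version pin in a
# plugin's package.json and install the plugin by copying it into Kibana's
# plugins directory by hand. Run with Kibana stopped; start it afterwards.
set -eu

# Print the "version" nested under the "kibana" key (not the top-level one).
get_kibana_version() {
  awk '
    /"kibana"[ \t]*:/ { inkib = 1 }
    inkib && /"version"[ \t]*:/ {
      match($0, /"version"[ \t]*:[ \t]*"[^"]*"/)
      s = substr($0, RSTART, RLENGTH)
      sub(/^"version"[ \t]*:[ \t]*"/, "", s)
      sub(/"$/, "", s)
      print s
      exit
    }
  ' "$1"
}

# Rewrite only kibana.version; the plugin's own "version" field is untouched.
set_kibana_version() {
  file="$1"; ver="$2"
  tmp="$(mktemp)"
  awk -v ver="$ver" '
    /"kibana"[ \t]*:/ { inkib = 1 }
    inkib && /"version"[ \t]*:/ {
      sub(/"version"[ \t]*:[ \t]*"[^"]*"/, "\"version\": \"" ver "\"")
      inkib = 0
    }
    { print }
  ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Manual install: replace any previous copy of the plugin directory in the
# Kibana plugins directory with the patched one. Prints the installed path.
install_plugin_manually() {
  src="$1"; plugins_dir="$2"
  name="$(basename "$src")"
  rm -rf "$plugins_dir/$name"
  cp -R "$src" "$plugins_dir/$name"
  echo "$plugins_dir/$name"
}

# --- constructed demo input: the package.json from the thread, pinned to 7.1.1 ---
WORK="$(mktemp -d)"                       # assumption: stands in for the unpacked zip and /usr/share/kibana/plugins
mkdir -p "$WORK/elastalert-kibana-plugin" "$WORK/plugins"
PKG="$WORK/elastalert-kibana-plugin/package.json"
cat > "$PKG" <<'EOF'
{
  "name": "elastalert-kibana-plugin",
  "version": "1.0.4",
  "description": "Create, test and edit ElastAlert rules within Kibana.",
  "main": "index.js",
  "license": "SEE LICENSE IN LICENSE.md",
  "kibana": {
    "version": "7.1.1",
    "templateVersion": "1.0.0"
  }
}
EOF

TARGET_KIBANA_VERSION="7.2.0"             # assumption: the Kibana version you upgraded to
set_kibana_version "$PKG" "$TARGET_KIBANA_VERSION"
INSTALLED="$(install_plugin_manually "$WORK/elastalert-kibana-plugin" "$WORK/plugins")"
echo "installed $INSTALLED with kibana.version $(get_kibana_version "$INSTALLED/package.json")"
```

Point `WORK/plugins` at the real plugins directory and `WORK/elastalert-kibana-plugin` at the unpacked archive to use it for real; the awk edit is deliberately narrow so a second `"version"` key elsewhere in the file is never rewritten.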

levanvunam commented 5 years ago

@max-xface yes, manual copy works. For someone who couldn't make it work, what I did are:

iwilltry42 commented 5 years ago

@levanvunam are you using the beta release for elastalert to work with ES 7.2? Any problems with it? https://github.com/bitsensor/elastalert/releases/tag/3.0.0-beta.0

levanvunam commented 5 years ago

Hi @iwilltry42, I use the beta version of elastalert. We use docker, so I actually use the bitsensor docker images for the beta version. The main features work but test rule is not working yet.

amundra2016 commented 5 years ago

@levanvunam The main features are also not working for me apart from test rules.

amundra2016 commented 5 years ago

@here Can anyone help me get some alerts on slack or any other platform? I am using 7.2.0 version and I am unable to receive anything, nothing is given in logs, no error, no info.

levanvunam commented 5 years ago

@amundra Do you have any logs from elastalert?

amundra2016 commented 5 years ago

@levanvunam Sorry for the late response, here are the logs when server starts

```
root@ip-172-31-9-229:/opt# docker logs elastalert

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert-server
> sh ./scripts/start.sh

04:44:45.855Z  INFO elastalert-server: Config:  No config.dev.json file was found in /opt/elastalert-server/config/config.dev.json.
04:44:45.857Z  INFO elastalert-server: Config:  Proceeding to look for normal config file.
04:44:45.858Z  INFO elastalert-server: Config:  A config file was found in /opt/elastalert-server/config/config.json. Using that config.
04:44:45.865Z  INFO elastalert-server: Router:  Listening for GET request on /.
04:44:45.865Z  INFO elastalert-server: Router:  Listening for GET request on /status.
04:44:45.865Z  INFO elastalert-server: Router:  Listening for GET request on /status/control/:action.
04:44:45.865Z  INFO elastalert-server: Router:  Listening for GET request on /status/errors.
04:44:45.866Z  INFO elastalert-server: Router:  Listening for GET request on /rules.
04:44:45.867Z  INFO elastalert-server: Router:  Listening for GET request on /rules/:id.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for POST request on /rules/:id.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for DELETE request on /rules/:id.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for GET request on /templates.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for GET request on /templates/:id.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for POST request on /templates/:id.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for DELETE request on /templates/:id.
04:44:45.868Z  INFO elastalert-server: Router:  Listening for POST request on /test.
04:44:45.869Z  INFO elastalert-server: Router:  Listening for GET request on /config.
04:44:45.869Z  INFO elastalert-server: Router:  Listening for POST request on /config.
04:44:45.869Z  INFO elastalert-server: Router:  Listening for POST request on /download.
04:44:45.869Z  INFO elastalert-server: Router:  Listening for GET request on /metadata/:type.
04:44:45.869Z  INFO elastalert-server: Router:  Listening for GET request on /mapping/:index.
04:44:45.869Z  INFO elastalert-server: Router:  Listening for POST request on /search/:index.
04:44:45.873Z  INFO elastalert-server: ProcessController:  Starting ElastAlert
04:44:45.873Z  INFO elastalert-server: ProcessController:  Creating index
04:44:46.795Z  INFO elastalert-server:
    ProcessController:  Elastic Version: 7.2.0
    Reading Elastic 6 index mappings:
    Reading index mapping 'es_mappings/6/silence.json'
    Reading index mapping 'es_mappings/6/elastalert_status.json'
    Reading index mapping 'es_mappings/6/elastalert.json'
    Reading index mapping 'es_mappings/6/past_elastalert.json'
    Reading index mapping 'es_mappings/6/elastalert_error.json'
    Index elastalert_status already exists. Skipping index creation.
04:44:46.795Z ERROR elastalert-server:
    ProcessController:  /opt/elastalert/elastalert/create_index.py:196: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
      data = yaml.load(config_file)
04:44:46.795Z  INFO elastalert-server: ProcessController:  Index create exited with code 0
04:44:46.796Z  INFO elastalert-server: ProcessController:  Starting elastalert with arguments [none]
04:44:46.804Z  INFO elastalert-server: ProcessController:  Started Elastalert (PID: 36)
04:44:46.806Z  INFO elastalert-server: Server:  Server listening on port 3030
04:44:46.808Z  INFO elastalert-server: Server:  Websocket listening on port 3333
04:44:46.809Z  INFO elastalert-server: Server:  Server started
04:44:47.915Z ERROR elastalert-server:
    ProcessController:  elastalert/loaders.py:93: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
      yaml.load(open(os.path.join(os.path.dirname(__file__), 'schema.yaml'))))
04:44:48.017Z  INFO elastalert-server:
    ProcessController:  0 rules loaded
root@ip-172-31-9-229:/opt#
```

And these are the logs when I trigger an alert with the test rules button.

```
05:18:31.148Z ERROR elastalert-server:
    TestController:  Failed to test rule with error: Traceback (most recent call last):
      File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
        "__main__", fname, loader, pkg_name)
      File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
        exec code in run_globals
      File "/opt/elastalert/elastalert/test_rule.py", line 445, in <module>
        main()
      File "/opt/elastalert/elastalert/test_rule.py", line 441, in main
        test_instance.run_rule_test()
      File "/opt/elastalert/elastalert/test_rule.py", line 408, in run_rule_test
        conf = load_conf(args, defaults, overwrites)
      File "elastalert/config.py", line 47, in load_conf
        configure_logging(args, conf)
      File "elastalert/config.py", line 106, in configure_logging
        if args.verbose and args.debug:
    AttributeError: 'Namespace' object has no attribute 'verbose'
```

I hope this error is expected, as said in the comments, but when I manipulate the index, that is, change or add data to it, the rules I have created should trigger the alert, right?

Just for more information, here is my rules file:

```yaml
name: foo
type: any
index: kibana*
num_events: 1
timeframe:
  hours: 4
alert:
- "slack"
slack_webhook_url: "https://hooks.slack.com/services/xxxx"
```

amundra2016 commented 5 years ago

@levanvunam Seems like I have found the cause of the problem. The index I was pointing to, kibana*, is not supported by elastalert or any alerting kind of index; what I have understood is that a timestamp field is required in the index, which was not the case with my index, but the moment I used metricbeat's index I was getting the alert. But the logs for elastalert are still not happy; they log this error:

```
11:54:22.647Z ERROR elastalert-server:
    ProcessController:  WARNING:elasticsearch:GET http://3.1.220.80:9200/elastalert_status_silence/_search?_source_include=until%2Cexponent&size=1 [status:400 request:0.004s]

11:54:22.649Z ERROR elastalert-server:
    ProcessController:  ERROR:root:Error while querying for alert silence status: RequestError(400, u'illegal_argument_exception', u'request [/elastalert_status_silence/_search] contains unrecognized parameter: [_source_include] -> did you mean any of [_source_includes, _source_excludes]?')

11:54:22.683Z ERROR elastalert-server:
    ProcessController:  WARNING:elasticsearch:GET http://3.1.220.80:9200/elastalert_status_silence/_search?_source_include=until%2Cexponent&size=1 [status:400 request:0.004s]

11:54:22.684Z ERROR elastalert-server:
    ProcessController:  ERROR:root:Error while querying for alert silence status: RequestError(400, u'illegal_argument_exception', u'request [/elastalert_status_silence/_search] contains unrecognized parameter: [_source_include] -> did you mean any of [_source_includes, _source_excludes]?')

11:54:22.716Z ERROR elastalert-server:
    ProcessController:  WARNING:elasticsearch:GET http://3.1.220.80:9200/elastalert_status_silence/_search?_source_include=until%2Cexponent&size=1 [status:400 request:0.004s]

11:54:22.716Z ERROR elastalert-server:
    ProcessController:  ERROR:root:Error while querying for alert silence status: RequestError(400, u'illegal_argument_exception', u'request [/elastalert_status_silence/_search] contains unrecognized parameter: [_source_include] -> did you mean any of [_source_includes, _source_excludes]?')
```

I'm not sure what could be the cause here. Did you get a similar error?

amundra2016 commented 5 years ago

Recreating the elastalert indexes helped solve the problem.
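
The recreate step above, as an added shell example that is not part of ElastAlert, the bitsensor server or this thread. The startup log earlier in the thread shows the server running `create_index.py` on every start and skipping indices that already exist, so deleting the writeback indices and restarting the container is enough to get fresh ones. Assumptions: the writeback index is `elastalert_status` and the per-type indices follow the naming visible in the log (`elastalert_status_silence` and siblings); the container is called `elastalert` as in the `docker logs elastalert` command above; `ES_URL`, `ES_USER` and `ES_PASS` are yours. The script is dry-run by default and deletes by explicit name rather than wildcard so nothing else on the cluster can be caught. One caveat from the same log: Elasticsearch answered on a public IP over plain HTTP with no credentials in the request; the wrapper below sends basic auth when `ES_USER` is set, and an endpoint like that should sit behind TLS and authentication before the alerting stack goes anywhere near production.

```shell
#!/bin/sh
# Added example, not ElastAlert's or the bitsensor server's own code:
# delete the ElastAlert writeback indices so the server recreates them
# on its next start. Dry-run unless DRY_RUN=0.
set -eu

ES_URL="${ES_URL:-http://127.0.0.1:9200}"   # assumption; the thread's log showed a public IP over plain http
WRITEBACK="${WRITEBACK:-elastalert_status}" # assumption: default writeback_index name
DRY_RUN="${DRY_RUN:-1}"                     # print what would happen unless explicitly disabled

# Index names ElastAlert derives from the writeback index (assumption, see lead-in).
writeback_indices() {
  printf '%s\n' "$WRITEBACK" "${WRITEBACK}_status" "${WRITEBACK}_silence" \
    "${WRITEBACK}_error" "${WRITEBACK}_past"
}

# Thin request wrapper: prints the HTTP status code only. Kept separate so it
# can be swapped for a fake when exercising the logic without a cluster.
es_request() {  # es_request METHOD PATH
  if [ -n "${ES_USER:-}" ]; then
    curl -sS -o /dev/null -w '%{http_code}' -u "$ES_USER:${ES_PASS:-}" -X "$1" "$ES_URL/$2"
  else
    curl -sS -o /dev/null -w '%{http_code}' -X "$1" "$ES_URL/$2"
  fi
}

# Delete each index by explicit name. 404 (not there) is fine; any other
# non-200 answer aborts. Prints one line per index and the count last.
delete_writeback_indices() {
  n=0
  for idx in $(writeback_indices); do
    if [ "$DRY_RUN" = "1" ]; then
      echo "would DELETE $ES_URL/$idx"
    else
      code="$(es_request DELETE "$idx")"
      case "$code" in
        200|404) echo "DELETE $idx -> HTTP $code" ;;
        *) echo "DELETE $idx -> HTTP $code, aborting" >&2; return 1 ;;
      esac
    fi
    n=$((n + 1))
  done
  echo "$n"
}

# Full procedure: stop the server so it is not writing while indices vanish,
# delete, then start it again; its startup runs create_index.py (see the log).
recreate_writeback_indices() {
  [ "$DRY_RUN" = "1" ] || docker stop elastalert >/dev/null
  delete_writeback_indices
  [ "$DRY_RUN" = "1" ] || docker start elastalert >/dev/null
}

recreate_writeback_indices
```

Run it once as-is to see the five DELETE targets, then with `DRY_RUN=0 ES_URL=... ES_USER=... ES_PASS=...` to do it. Anything that reads these indices (the Kibana plugin's status views, other ElastAlert instances sharing the cluster) loses history when they are dropped, so take a snapshot first if the alert history matters.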

meriem-ux commented 5 years ago

@here @amundra2016 Can anyone help me? The rule can't be saved.

Any help? This is my kibana.yml config:

```yaml
elastalert-kibana-plugin.enabled: true
elastalert-kibana-plugin.serverHost: 123.0.0.1
elastalert-kibana-plugin.serverPort: 3030
elastalert-kibana-plugin.serverSsl: false
```