man-chen-TW
commented
4 years ago you can del elastalert's old index, it can recreate elastalert index, try it
Open meriem-ux opened 4 years ago
man-chen-TW
commented
4 years ago you can del elastalert's old index, it can recreate elastalert index, try it
meriem-ux
commented
4 years ago @man-chen-TW plz how can delete old index???
ymrsmns
commented
4 years ago @meriem-ux view your index localhost:9200/_cat/indices/e*
green open elastalert_status_past Fto3850HSeifknxfMj7I4g 5 1 0 0 2.5kb 1.2kb
green open elastalert_status_status _hL74rNVTcuMligZzf54_Q 5 1 68098 0 19.5mb 9.7mb
green open elastalert_status d0CKZ2MmRnqELrewingsag 5 1 7409 0 14.6mb 7.3mb
green open elastalert_status_error e2Z14Q5pTqexlp_nHR0I0g 5 1 157 0 985.1kb 492.5kb
green open elastalert_status_silence WmgBOeRyR1GgdErZoUhmcA 5 1 7409 0 1.4mb 743.3kbsave your rules and delete indexs
curl -XDELETE localhost:9200/elastalert_statu*
hi i run elastalert in docker by this commande:
docker run -d -p 3030:3030 -p 3333:3333 \ -v
pwd/config/elastalert.yaml:/opt/elastalert/config.yaml \ -vpwd/config/elastalert-test.yaml:/opt/elastalert/config-test.yaml \ -vpwd/config/config.json:/opt/elastalert-server/config/config.json \ -vpwd/rules:/opt/elastalert/rules \ -vpwd/rule_templates:/opt/elastalert/rule_templates \ --net="host" \ --name elastalert bitsensor/elastalert:3.0.0-beta.1but i have this issue:
08:43:53.956Z ERROR elastalert-server: ProcessController: WARNING:elasticsearch:GET http://51.77.:9200/elastalert_status/_search?size=1000 [status:400 request:0.054s] ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') {'sort': {'alert_time': {'order': 'asc'}}, 'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2019-10-04T08:43:53.900845Z', 'from': '2019-10-02T08:43:53.900788Z'}}}, 'must': {'query_string': {'query': '!exists:aggregate_id AND alert_sent:false'}}}}} Traceback (most recent call last): File "/opt/elastalert/elastalert/elastalert.py", line 1528, in find_recent_pending_alerts res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000) File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped return func(*args, params=params, **kwargs) File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/client/init.py", line 819, in search "GET", _make_path(index, "_search"), params=params, body=body File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/transport.py", line 353, in perform_request timeout=timeout, File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/connection/http_requests.py", line 155, in perform_request self._raise_error(response.status_code, raw_data) File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.2-py2.7.egg/elasticsearch/connection/base.py", line 178, in _raise_error status_code, error_message, additional_info RequestError: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') can any one help me to solve it: