maggienj / ActiveDataElasticSearchPyStp

ActiveData - ElasticSearch17 and Py2.7 setup

Unknown key for a START_OBJECT in [filter] #1

Open maggienj opened 7 years ago

maggienj commented 7 years ago

Facing this err in issue45: Unknown key for a START_OBJECT in [filter]

maggienj commented 7 years ago

It looks like all that is needed is to rewrite this query:

<<From the discussion thread: https://github.com/Yelp/elastalert/blob/master/elastalert/elastalert.py#L159 (thanks @bkeifer )

Documentation says that change should be simple: https://www.elastic.co/guide/en/elasticsearch/reference/5.0/query-dsl-filtered-query.html

I'll try to find some time, my python is a bit rusty :) <<<<From the discussion thread:

From: https://github.com/Yelp/elastalert/issues/790

maggienj commented 7 years ago

Another point to remember from the same discussion thread:

<<From the discussion thread: The filters work fine? The current format is

query:
  filtered:
    filter:
      bool:
        must: [filters from rule here]

The docs say that filtered has been deprecated. I'm not really an expert on the query DSL though.

Another breaking change: No more fields https://github.com/Yelp/elastalert/blob/master/elastalert/elastalert.py#L243 That should be stored_fields instead.

search_type=count is removed too https://github.com/Yelp/elastalert/blob/master/elastalert/elastalert.py#L318 Instead, you have to add size: 0

These are just what stood out when scanning the breaking changes page https://github.com/Yelp/elastalert/issues/790#issuecomment-261099679

maggienj commented 7 years ago

I have the same question which is...

<<From the discussion thread: @Qmando the filters work fine with my above patch, and the ES 2.4.0 library against an ES 5.0.0 server. The filter comes out something like:

query:
  bool:
    filter:
      bool:
        must: [filters from rule here]

<<From the discussion thread: It looks odd with a bool then filter then bool, it just happens we are using the bool filter. @stumyp I'm not sure if your shorter query would work, it's not what I understood the docs to mean. >>

https://github.com/Yelp/elastalert/issues/790#issuecomment-261103076
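
The three changes named in the quoted thread (`filtered` to `bool`/`filter`, `fields` to `stored_fields`, `search_type=count` to `size: 0`), as an added example that is not part of the original comments or of elastalert's code. The function names and the sample query are constructed for illustration; the `must`/`filter` mapping follows the Elasticsearch filtered-query deprecation page linked earlier in the thread.

```python
import copy


def migrate_query(query):
    """Rewrite a pre-5.0 `filtered` query object as a `bool` query."""
    if not (isinstance(query, dict) and list(query) == ["filtered"]):
        return query                  # already in a form ES 5 accepts
    old = query["filtered"]
    new_bool = {}
    if "query" in old:                # scored part becomes `must`
        new_bool["must"] = migrate_query(old["query"])
    if "filter" in old:               # non-scored part becomes `filter`
        new_bool["filter"] = old["filter"]
    return {"bool": new_bool}


def migrate_search(body, params=None):
    """Return (body, params) adjusted for the three changes in the thread."""
    body = copy.deepcopy(body)        # never mutate the caller's rule query
    params = dict(params or {})
    if "query" in body:
        body["query"] = migrate_query(body["query"])
    if "fields" in body:              # `fields` was replaced by `stored_fields`
        body["stored_fields"] = body.pop("fields")
    if params.get("search_type") == "count":
        del params["search_type"]     # `search_type=count` is gone: use size 0
        body["size"] = 0
    return body, params


# Constructed sample in the old format quoted in the thread.
OLD_BODY = {
    "query": {"filtered": {"filter": {"bool": {"must": [
        {"term": {"status": "failed"}},
        {"range": {"@timestamp": {"gte": "now-15m"}}},
    ]}}}},
    "fields": ["@timestamp", "status"],
}

if __name__ == "__main__":
    import json
    new_body, new_params = migrate_search(OLD_BODY, {"search_type": "count"})
    print(json.dumps(new_body, indent=2), new_params)
```

The output has the `query: bool: filter: bool: must` shape shown in the comment above, with the rule's filters unchanged inside it.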

maggienj commented 7 years ago

<<From the discussion thread: I've started a branch (https://github.com/suqld/elastalert/tree/support_es5) that we can work on. I'll try and find ways to make it crash (based on the breaking changes), then commit fixes >>

We have created a similar es5 repository for all es5 changes in activedata repository in github. https://github.com/activedata/