webdevops / alertmanager2es

Collects alertmanager alerts and pushes them to ElasticSearch (fork from cloudflare)
Apache License 2.0

Elasticsearch 8.9.1 template error #5

Open smarakdas314 opened 8 months ago

smarakdas314 commented 8 months ago

Hi, I'm trying to set this up with Elasticsearch 8.9.1.

The template I copy-pasted gives me an error on creation. What am I missing?

{
  "template": "alertmanager-2*",
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 1,
    "index.refresh_interval": "10s",
    "index.query.default_field": "groupLabels.alertname"
  },
  "mappings": {
    "_default_": {
      "_all": {
        "enabled": false
      },
      "properties": {
        "@timestamp": {
          "type": "date",
          "doc_values": true
        }
      },
      "dynamic_templates": [
        {
          "string_fields": {
            "match": "*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "string",
              "index": "not_analyzed",
              "ignore_above": 1024,
              "doc_values": true
            }
          }
        }
      ]
    }
  }
}
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[1:328] [index_template] failed to parse field [template]",
  "attributes": {
    "error": {
      "root_cause": [
        {
          "type": "x_content_parse_exception",
          "reason": "[1:328] [template] failed to parse field [settings]"
        }
      ],
      "type": "x_content_parse_exception",
      "reason": "[1:328] [index_template] failed to parse field [template]",
      "caused_by": {
        "type": "x_content_parse_exception",
        "reason": "[1:328] [template] failed to parse field [settings]",
        "caused_by": {
          "type": "illegal_state_exception",
          "reason": "only value lists are allowed in serialized settings"
        }
      }
    },
    "causes": [
      "[1:328] [template] failed to parse field [settings]",
      "only value lists are allowed in serialized settings"
    ]
  }
}
smarakdas314 commented 8 months ago

what about this?

{
  "template": "alertmanager-2*",
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 1,
    "index": {
      "refresh_interval": "10s",
      "query": {
        "default_field": "groupLabels.alertname"
      }
    }
  },
  "mappings": {
    "_default_": {
      "_all": {
        "enabled": false
      },
      "properties": {
        "@timestamp": {
          "type": "date",
          "doc_values": true
        }
      },
      "dynamic_templates": [
        {
          "string_fields": {
            "match": "*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "string",
              "index": "not_analyzed",
              "ignore_above": 1024,
              "doc_values": true
            }
          }
        }
      ]
    }
  }
}
@@ -6,7 +6,7 @@
   "template": "alertmanager-2*",
   "settings": {
-    "number_of_shards": 1,
-    "number_of_replicas": 1,
-    "index.refresh_interval": "10s",
-    "index.query.default_field": "groupLabels.alertname"
+    "number_of_shards": 1,
+    "number_of_replicas": 1,
+    "index": {
+      "refresh_interval": "10s",
+      "query": {
+        "default_field": "groupLabels.alertname"
+      }
+    }
   },
   "mappings": {
     "_default_": {
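Review bot: The context lines this hunk leaves in place, `"template": "alertmanager-2*"` at the top and the `"_default_"` level under `"mappings"`, are the legacy template layout, and Elasticsearch 8.x most likely rejects the body on those however `settings` is written. Dotted and nested setting keys are normally treated as equivalent, so the nesting alone probably does not clear the 400. For the composable template API the pattern goes in `"index_patterns": ["alertmanager-2*"]` and `settings`/`mappings` sit inside a `"template": { … }` object, with `properties` and `dynamic_templates` directly under `mappings`. The mappings body continues outside the hunk; the full listing above still uses `"type": "string"` with `"index": "not_analyzed"`, which current versions express as `"type": "keyword"`. Until the template applies, alert documents presumably fall back to default dynamic mapping, so it is worth confirming with a test alert that a new index picks the template up.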
@@