要不要也来分享分享一下啊

ELK与elastalert集成

Elasticsearch | 作者 jaminzhou | 发布于2016年12月07日 | 阅读数:9391

ELK 5.0.2与elastalert集成时报错:
Error running your filter:
RequestError(400, u'parsing_exception', {u'status': 400, u'error': {u'line': 1, u'root_cause': [{u'reason': u'no [query] registered for [filtered]', u'type': u'parsing_exception', u'line': 1, u'col': 68}], u'type': u'parsing_exception', u'reason': u'no [query] registered for [filtered]', u'col': 68}})
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent. To send them, use --verbose.
已邀请:

jaminzhou

赞同来自:

自己回复下,经过测试后发现是rule中的filter写错了,'no [query] registered for [filtered]' 这个出错是filter中的filtered部分写错了

solomon2012 - 80后IT男

赞同来自:

https://github.com/suqld/elast ... t_es5,
安装后测试 # elastalert-test-rule /etc/elastalert/rzpt_rules/pub-nginx-monitor.yaml
Error running your filter:
RequestError(400, u'parsing_exception', {u'status': 400, u'error': {u'line': 1, u'root_cause': [{u'reason': u'no [query] registered for [filtered]', u'type': u'parsing_exception', u'line': 1, u'col': 68}], u'type': u'parsing_exception', u'reason': u'no [query] registered for [filtered]', u'col': 68}})
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent. To send them, use --verbose.
WARNING:elasticsearch:GET http://10.1.53.76:9200/logstash-pub-nginx-monitor-*/_search?_source_include=%40timestamp%2C%2A&ignore_unavailable=true&scroll=30s&size=10000 [status:400 request:0.003s],
感觉像和 es5.0 兼容的问题

df007df

赞同来自:

问题解决了嘛?
 

要回复问题请先登录注册