Hello-Linux
python3运行规则匹配到后不发送告警,0sent?
python3 -m elastalert.elastalert --verbose --rule ../elastalert_wechat_plugin/es_rules/wechart2.yaml --config ../elastalert_wechat_plugin/config/config.yaml 1 rules loaded INFO:elastalert:Starting up INFO:elastalert:Disabled rules are: [] INFO:elastalert:Sleeping for 59.999454 seconds INFO:elastalert:Queried rule schedulee from 2020-03-09 16:26 CST to 2020-03-09 16:30 CST: 12 / 12 hits /usr/local/python3.6/lib/python3.6/site-packages/urllib3-1.25.8-py3.6.egg/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made to host 'qyapi.weixin.qq.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning, ERROR:root:Traceback (most recent call last): File "/data/elastalert/elastalert/elastalert.py", line 1450, in alert return self.send_alert(matches, rule, alert_time=alert_time, retried=retried) File "/data/elastalert/elastalert/elastalert.py", line 1544, in send_alert alert.alert(matches) File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert-0.2.1-py3.6.egg/elastalert_modules/wechat_qiye_alert.py", line 57, in alert self.senddata(body) File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert-0.2.1-py3.6.egg/elastalert_modules/wechat_qiye_alert.py", line 124, in senddata response = requests.post(send_url, data=json.dumps(payload, ensure_ascii=False), headers=headers,verify=False) File "/usr/local/python3.6/lib/python3.6/json/init.py", line 238, in dumps **kw).encode(obj) File "/usr/local/python3.6/lib/python3.6/json/encoder.py", line 199, in encode chunks = self.iterencode(o, _one_shot=True) File "/usr/local/python3.6/lib/python3.6/json/encoder.py", line 257, in iterencode return _iterencode(o, 0) File "/usr/local/python3.6/lib/python3.6/json/encoder.py", line 180, in default o.class.name) TypeError: Object of type 'bytes' is not JSON serializable
ERROR:root:Uncaught exception running rule schedulee: Object of type 'bytes' is not JSON serializable INFO:elastalert:Rule schedulee disabled INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ignoring match for silenced rule schedulee INFO:elastalert:Ran schedulee from 2020-03-09 16:26 CST to 2020-03-09 16:30 CST: 12 query hits (0 already seen), 12 matches, 0 alerts sent
INFO:elastalert:Ignoring match for silenced rule log_error INFO:elastalert:Ran log_error from 2020-03-09 16:40 CST to 2020-03-09 16:55 CST: 988 query hits (0 already seen), 988 matches, 0 alerts sent INFO:elastalert:Background configuration change check run at 2020-03-09 16:55 CST WARNING:elasticsearch:GET http://172.16.50.43:9200/elastalert_status_status/_search?size=1000 [status:400 request:0.009s] ERROR:root:Error finding recent pending alerts: RequestError(400, 'search_phase_execution_exception', 'No mapping found for [alert_time] in order to sort on') {'query': {'bool': {'must': {'query_string': {'query': '!exists:aggregate_id AND alert_sent:false'}}, 'filter': {'range': {'alert_time': {'from': '2020-03-08T08:55:48.751438Z', 'to': '2020-03-09T08:55:48.751494Z'}}}}}, 'sort': {'alert_time': {'order': 'asc'}}} Traceback (most recent call last): File "/data/elastalert/elastalert/elastalert.py", line 1640, in find_recent_pending_alerts res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000) File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/client/utils.py", line 84, in _wrapped return func(*args, params=params, **kwargs) File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/client/init.py", line 811, in search "GET", _make_path(index, "_search"), params=params, body=body File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/transport.py", line 318, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/connection/http_requests.py", line 91, in perform_request self._raise_error(response.status_code, raw_data) File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/connection/base.py", line 131, in _raise_error raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info) elasticsearch.exceptions.RequestError: RequestError(400, 'search_phase_execution_exception', 'No mapping found for [alert_time] in order to sort on') INFO:elastalert:Background alerts thread 0 pending alerts sent at 2020-03-09 16:55 CST
