Integration with elasticsearch v5 #790
ES 5 has been around for a while already, it's the GA version that just came out, any ETA on the support would be lovely 👍 |
+1 |
+1 |
+1 |
@watollop told me to put +1 here |
+1 |
+1 |
+1 |
+1 Duplicate of #510 |
+1 |
+1 |
Is it known what is broken and how we can help? |
+1 |
"Is it known what is broken and how can we help?" As far as I know, it is because "filter" is not available any more in ES 5.0. There are many "filter" queries in EA which will get a 400 HTTP response for the incorrect query clause. |
+1 |
+1 |
It looks like all that is needed is to rewrite this query: Documentation says that the change should be simple: https://www.elastic.co/guide/en/elasticsearch/reference/5.0/query-dsl-filtered-query.html I'll try to find some time, my Python is a bit rusty :) |
My reading of that doc suggests that the change should be: diff --git a/elastalert/elastalert.py b/elastalert/elastalert.py
index 2cbd553..a13e739 100644
--- a/elastalert/elastalert.py
+++ b/elastalert/elastalert.py
@@ -156,7 +156,7 @@ class ElastAlerter():
if starttime and endtime:
es_filters['filter']['bool']['must'].insert(0, {'range': {timestamp_field: {'gt': starttime,
'lte': endtime}}})
- query = {'query': {'filtered': es_filters}}
+ query = {'query': {'bool': es_filters}}
if sort:
query['sort'] = [{timestamp_field: {'order': 'desc' if desc else 'asc'}}]
return query I'll see if I can make it work in our ES5 environment |
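Review bot: The replacement on the `query = {'query': {'bool': es_filters}}` line is unconditional, so every cluster now receives a `bool` query carrying the `filter` clause built in `es_filters['filter']['bool']['must']`. Elasticsearch releases older than 2.0 do not accept `filter` inside `bool`, so they would reject this form just as ES 5 rejects `filtered`, and a rule whose query is rejected stops alerting. Choose the wrapper key from the detected server version rather than hard-coding it, and add a short comment on that line saying which versions each form targets.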
@timwsuqld: plus |
@stumyp Good point. Any idea if we already detect ES version anywhere? |
@timwsuqld : So far I saw only this: 6358435 Not really a version detection :) |
I'm also not sure if the elasticsearch library (https://pypi.python.org/pypi/elasticsearch/5.0.1) is backwards compatible. My understanding is that it should be, so we can use version 5 of the library with older ES clusters. |
From what they say on the link you gave: major version of library must match ES version. |
I believe this patch must also be applied, because id must be explicitly set to None.
|
For what it's worth, I appear to have no problems using the elasticsearch 2.4.0 library, and the index creation worked without a problem, as do my filters with my patch. I'm sure there are incompatibilities between the 2.4.0 library and ES 5, but maybe the things that we need won't actually hit those incompatibilities? |
The filters work fine? The current format is
The docs say that filtered has been deprecated. I'm not really an expert on the query DSL though. Another breaking change: No more search_type=count is removed too These are just what stood out when scanning the breaking changes page |
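The two breaking changes named in this comment, together with the version-detection question raised earlier in the thread, can be handled in one place. The sketch below is an added example, not code from ElastAlert or from any commenter; `parse_major`, `build_search` and the sample responses are hypothetical names and constructed data, and the only assumption is the `version.number` field that the Elasticsearch root endpoint returns.

```python
# Added example: version-aware search construction for the ES 5 breaking
# changes discussed in this thread. Names are hypothetical, not ElastAlert's.

# Constructed sample responses, shaped like the Elasticsearch root endpoint.
ES5_INFO = {'version': {'number': '5.1.1'}}
ES1_INFO = {'version': {'number': '1.7.5'}}


def parse_major(info):
    """Return the major version from a root-endpoint response dict."""
    number = info['version']['number']        # e.g. '5.1.1' or '5.0.0-rc1'
    return int(number.split('.')[0])


def build_search(info, must_filters, timestamp_field='@timestamp',
                 starttime=None, endtime=None, count_only=False):
    """Return (body, params) for a search that the given cluster accepts."""
    major = parse_major(info)
    must = list(must_filters)                 # do not mutate the caller's list
    if starttime and endtime:
        must.insert(0, {'range': {timestamp_field: {'gt': starttime,
                                                    'lte': endtime}}})
    es_filters = {'filter': {'bool': {'must': must}}}
    # 'filtered' was deprecated in 2.0 and removed in 5.0. The 'filter'
    # clause of a bool query exists from 2.0 on, so 1.x keeps the old wrapper.
    wrapper = 'bool' if major >= 2 else 'filtered'
    body = {'query': {wrapper: es_filters}}
    params = {}
    if count_only:
        if major >= 5:
            body['size'] = 0                  # search_type=count removed in 5.0
        else:
            params['search_type'] = 'count'
    return body, params
```

A rule whose query the cluster rejects with HTTP 400 produces no matches and therefore no alerts, so the wrapper choice is worth covering in tests for each supported major version.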
For reference: elastic/elasticsearch-py#476 |
@Qmando, @timwsuqld: I think a good way to test compatibility and see if any deprecated queries are left is to run your elastalert instance on a cluster with deprecation logging enabled:
This is what I have in my logs: a lot of this:
and this:
|
@Qmando Thanks adding |
@tfgm-bud What elasticsearch python module version are you using? Also, can you post some of those simple queries. Thank You! |
@bHoskins07 Not sure what you are asking with "What elasticsearch python module version are you using?". I'm using the github version and changing to the support_es5 branch:
And a simple query would be:
Not sure how much that really helps you though.... |
@tfgm-bud To find the version of the elasticsearch module, type |
@Qmando oh, I misread @bHoskins07's question and was thinking he was asking about elastalert. elasticsearch==2.4.0 |
I'm new to this but why does this work:
But this doesn't:
Aren't they the same thing? The latter gives the following error I'm guessing this is the same issue as @Hronom has. |
Thank You @tfgm-bud. I was testing 5.1.1 using elastalert-test-rule which was not working. When I switched to $ python -m elastalert.elastalert --rule it worked. Also, I am using python elasticsearch module 5.0.1 |
@bHoskins07 - I see what you mean. I upgraded to

$ elastalert-test-rule --config /etc/elastalert/config.yaml /etc/elastalert/rules/news.yaml
Traceback (most recent call last):
  File "/usr/local/bin/elastalert-test-rule", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3015, in <module>
    @_call_aside
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2999, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 3028, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 657, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 670, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 849, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'elasticsearch<3.0.0' distribution was not found and is required by elastalert

I made the following change to try to fix it and it works for me:
@timwsuqld can you incorporate this into your branch? -- Bud |
@Qmando , I had the same issue while working with master branch. After checking out support_es5 branch and switching to that branch, it works perfectly fine. Can you please merge this branch to master branch and let me know after merging? |
Wahoo! I'm watching and waiting for ES5! |
I added an issue with the branch as a comment in the PR. Is that OK? Should I mention the problem here or should I create a separate issue for that branch? |
Hi,
Yes, thanks for adding it in the PR. No need to create a separate issue for that branch.
Thanks and regards,
Deepthi D
|
@Qmando thank you for the support_es5 branch. Works for me with changes to query as suggested by @doublesea |
then, I would try elastalert on ES5? |
+1 |
@rptete Go right ahead. |
+1. is there an eta for merging the support_es5 branch into mainstream? |
Please notify when you merge this branch to the master one. Thanks |
This has been merged with master and released. |
I'm running elasticsearch 5.2.2 root@logstash:/data/elastalert# elastalert-create-index |
after its working, thanks |
Hi
I know that the new version v5 of elasticsearch has just been released, but do you know when the integration of elastalert with the new version will be available? At the moment I am getting:
Thanks for this great tool!!!!