Unknown key for a START_OBJECT in [filter] #1

Open
maggienj opened this issue Jul 6, 2017 · 4 comments


maggienj commented Jul 6, 2017

Facing this error in issue45:
Unknown key for a START_OBJECT in [filter]


maggienj commented Jul 6, 2017

It looks like all that is needed is to rewrite this query:

<<From the discussion thread:
https://github.com/Yelp/elastalert/blob/master/elastalert/elastalert.py#L159
(thanks @bkeifer )

Documentation says that change should be simple: https://www.elastic.co/guide/en/elasticsearch/reference/5.0/query-dsl-filtered-query.html

I'll try to find some time, my Python is a bit rusty :)
<<<<From the discussion thread:

From: Yelp/elastalert#790


maggienj commented Jul 6, 2017

Another point to remember from the same discussion thread:

<<From the discussion thread:
The filters work fine? The current format is

query:
  filtered:
    filter:
      bool:
        must: [filters from rule here]

The docs say that filtered has been deprecated. I'm not really an expert on the query DSL though.

Another breaking change: No more fields
https://github.com/Yelp/elastalert/blob/master/elastalert/elastalert.py#L243
That should be stored_fields instead.

search_type=count is removed too
https://github.com/Yelp/elastalert/blob/master/elastalert/elastalert.py#L318
Instead, you have to add size: 0

These are just what stood out when scanning the breaking changes page
Yelp/elastalert#790 (comment)


maggienj commented Jul 6, 2017

I have the same question which is...

<<From the discussion thread: @Qmando the filters work fine with my above patch, and the ES 2.4.0 library against an ES 5.0.0 server
The filter comes out something like:

query:
  bool:
    filter:
      bool:
        must: [filters from rule here]

<<From the discussion thread:
It looks odd with a bool then filter then bool, it just happens we are using the bool filter.
@stumyp I'm not sure if your shorter query would work, it's not what I understood the docs to mean. >>

Yelp/elastalert#790 (comment)
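
The three ES 5 changes quoted in the comments above (`filtered` replaced by `bool`/`filter`, `fields` renamed to `stored_fields`, `search_type=count` replaced by `size: 0`), as an added Python example that is not part of the thread or ElastAlert's own code. The function name `migrate_search` and the sample rule filter are hypothetical; moving a `filtered` query's `query` clause to `must` follows the Elasticsearch deprecation note linked earlier.

```python
import copy


def migrate_search(body, params=None):
    """Return (body, params) rewritten from ES 2 style to ES 5 style.

    Hypothetical helper: the inputs are copied, never modified in place.
    """
    body = copy.deepcopy(body)
    params = dict(params or {})

    # 1. query.filtered is gone: its filter moves to bool.filter, and its
    #    query (if any) moves to bool.must.
    query = body.get("query", {})
    if "filtered" in query:
        filtered = query["filtered"]
        bool_query = {}
        if "query" in filtered:
            bool_query["must"] = filtered["query"]
        if "filter" in filtered:
            bool_query["filter"] = filtered["filter"]
        body["query"] = {"bool": bool_query}

    # 2. The top-level "fields" key is now "stored_fields".
    if "fields" in body:
        body["stored_fields"] = body.pop("fields")

    # 3. search_type=count is removed: request zero hits instead.
    if params.get("search_type") == "count":
        del params["search_type"]
        body["size"] = 0

    return body, params


if __name__ == "__main__":
    # Constructed sample: one rule filter wrapped the way the thread describes.
    rule_filters = [{"term": {"event_type": "login_failure"}}]
    es2_body = {
        "query": {"filtered": {"filter": {"bool": {"must": rule_filters}}}},
        "fields": ["@timestamp"],
    }
    es5_body, es5_params = migrate_search(es2_body, {"search_type": "count"})
    print(es5_body)
    print(es5_params)
```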


maggienj commented Jul 6, 2017

<<From the discussion thread: I've started a branch (https://github.com/suqld/elastalert/tree/support_es5) that we can work on. I'll try and find ways to make it crash (based on the breaking changes), then commit fixes >>

We have created a similar es5 repository for all es5 changes in the activedata repository on GitHub.
https://github.com/activedata/
