Hi there,
I am new to elastalert. I got this error after making my first alert. Can anybody help?
```
ERROR:root:Error writing alert info to Elasticsearch: TransportError(400, u'action_request_validation_exception', u'Validation Failed: 1: an id must be provided if version type or value are set;')
Traceback (most recent call last):
  File "/opt/elastalert/elastalert/elastalert.py", line 1018, in writeback
    doc_type=doc_type, body=body)
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/__init__.py", line 248, in create
    return self.index(index, doc_type, body, id=id, params=params, op_type='create')
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/__init__.py", line 279, in index
    _make_path(index, doc_type, id), params=params, body=body)
  File "build/bdist.linux-x86_64/egg/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/http_requests.py", line 84, in perform_request
    self._raise_error(response.status_code, raw_data)
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/base.py", line 113, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
RequestError: TransportError(400, u'action_request_validation_exception', u'Validation Failed: 1: an id must be provided if version type or value are set;')
INFO:elastalert:Ran Example rule from 2016-11-06 11:32 IRST to 2016-11-06 11:47 IRST: 0 query hits, 0 matches, 0 alerts sen
```
And this is my example_frequency.yaml file:

```yaml
es_host: localhost

# (Optional)
# Elasticsearch port
es_port: 9200

# (Optional) Connect with SSL to Elasticsearch

# (Optional) basic-auth username and password for Elasticsearch
es_username:
es_password:

# (Required)
# Rule name, must be unique
name: Example rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: metricbeat-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 50

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1

filter:
- term:
    host: 'something'

# (Required)
# The alert is used when a match is found
alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- '*@yahoo.com'
```
Are you using ES 5????
Looks related to https://github.com/elastic/elasticsearch/issues/21535 if you are using version 5.
Thanks Ryan.
But would you please tell me a solution? I used Elasticsearch 5 but I
downgraded its version to 2.*. I will be so happy if you help me.
On Nov 15, 2016 8:59 PM, "Ryan Kyser" [email protected] wrote:
> Looks related to elastic/elasticsearch#21535
> https://github.com/elastic/elasticsearch/issues/21535 if you are using
> version 5.
Yes I am. What can I do to resolve this issue? Thanks a lot.
On Nov 11, 2016 1:27 PM, "ravi45722" notifications@github.com wrote:
> Are you using ES 5????
same here!
I hit the same issue today. I like to use ES 5.0 with elastalert, I wonder how I can work around this?
Hi there,
I find that client.create() actually requires an id now, but if you use
client.index() instead it will auto-generate the id.
So if you change this line
line 123 : _es.indices.create(index)_
in this file _create_index.py_ it will be ok.
I change this line to
Could you please help me?
On Tue, Nov 22, 2016 at 4:41 AM, Qingsong Yao [email protected] wrote:
> I hit the same issue today. I like to use ES 5.0 with elastalert, I wonder
> how I can work around this?
best regards
Ehsan Bayandor
This branch contains es5 support, though it's still in testing phase. https://github.com/Yelp/elastalert/pull/820
Ah, I got the same problem using strongloop, figuring out how to do the 'index' thing
In ES 5.x, use index not create, the _id will auto generate
@kwdfmzhu thanks
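The behaviour discussed in this thread, as an added example (not ElastAlert's or elasticsearch-py's own code): `FakeEs5Client` is a constructed in-memory stub that reproduces only the ES 5 validation rule from the traceback, so the failing `create()` path and the `index()` workaround can be run offline. `writeback_old`, `writeback_fixed` and the sample document are hypothetical names and data.

```python
import uuid

class RequestError(Exception):
    """Constructed stand-in for the client's HTTP 4xx error; args[0] is the status."""

class FakeEs5Client:
    """Constructed stub: op_type=create is rejected unless the caller supplies an id."""

    def __init__(self):
        self.docs = {}

    def index(self, index, doc_type, body, id=None, op_type="index"):
        if op_type == "create" and id is None:
            raise RequestError(400, "action_request_validation_exception",
                               "an id must be provided if version type or value are set")
        doc_id = id if id is not None else uuid.uuid4().hex  # stands in for the auto id
        if op_type == "create" and (index, doc_id) in self.docs:
            raise RequestError(409, "document already exists", doc_id)
        self.docs[(index, doc_id)] = body
        return {"_index": index, "_id": doc_id}

    def create(self, index, doc_type, body, id=None):
        # Same delegation the traceback shows: create() -> index(op_type='create')
        return self.index(index, doc_type, body, id=id, op_type="create")

def writeback_old(client, index, doc_type, body):
    """The failing call path from the traceback: create() without an id."""
    return client.create(index=index, doc_type=doc_type, body=body)

def writeback_fixed(client, index, doc_type, body, doc_id=None):
    """Use index() when no id is known, so the id is auto-generated.
    create() is used only with an explicit id, keeping its refuse-to-overwrite check."""
    if doc_id is None:
        return client.index(index=index, doc_type=doc_type, body=body)
    return client.create(index=index, doc_type=doc_type, body=body, id=doc_id)

def demo():
    client = FakeEs5Client()
    body = {"rule_name": "Example rule", "hits": 0, "matches": 0}  # constructed sample
    try:
        writeback_old(client, "elastalert_status", "elastalert_status", body)
        old_status = None
    except RequestError as exc:
        old_status = exc.args[0]
    fixed = writeback_fixed(client, "elastalert_status", "elastalert_status", body)
    return old_status, fixed["_id"]
```
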