Elastalert: AttributeError: 'module' object has no attribute 'FullLoader'
Hi,
When I started elastalert,I reported the following error.Can you help me?
python -m elastalert.elastalert --config ./config.yaml --rule ./example_rules/prod_dsg.yaml
Traceback (most recent call last):
File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/data/elastalert/elastalert/elastalert.py", line 22, in
from config import get_rule_hashes
File "elastalert/config.py", line 31, in
rule_schema = jsonschema.Draft4Validator(yaml.load(open(os.path.join(os.path.dirname(__file__), 'schema.yaml')), Loader=yaml.FullLoader))
AttributeError: 'module' object has no attribute 'FullLoader'
guoyingying12
All 8 comments
FullLoader can't be used in python2.7, find config.py and delete Loader=yaml.FullLoader.
JackyShin
on 17 Jun 2019
FullLoader can't be used in python2.7, find config.py and delete Loader=yaml.FullLoader.
Hi~
Thanks,I delete 'Loader=yaml.FullLoader',but when I started elastalert,I reported the following new error.
elastalert 0.1.39
elasticsearch 6.7.2
python -m elastalert.elastalert --config /data/elastalert/config.yaml --verbose --rule /data/elastalert/example_rules/prod_dsg.yaml
#
INFO:elastalert:Starting up
WARNING:elasticsearch:GET http://172.16.19.239:9200/elastalert_status/_search?size=1000 [status:400 request:0.005s]
ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') {'sort': {'alert_time': {'order': 'asc'}}, 'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2019-06-17T07:58:03.461081Z', 'from': '2019-06-15T07:58:03.461053Z'}}}, 'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}}}}
Traceback (most recent call last):
File "/data/elastalert/elastalert/elastalert.py", line 1519, in find_recent_pending_alerts
res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
File "/usr/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 84, in _wrapped
return func(args, params=params, *kwargs)
File "/usr/lib/python2.7/site-packages/elasticsearch/client/__init__.py", line 819, in search
"GET", _make_path(index, "_search"), params=params, body=body
File "/usr/lib/python2.7/site-packages/elasticsearch/transport.py", line 353, in perform_request
timeout=timeout,
File "/usr/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 155, in perform_request
self._raise_error(response.status_code, raw_data)
File "/usr/lib/python2.7/site-packages/elasticsearch/connection/base.py", line 178, in _raise_error
status_code, error_message, additional_info
RequestError: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on')
INFO:elastalert:Queried rule prod_dsg from 2019-06-17 15:43 CST to 2019-06-17 15:58 CST: 0 / 0 hits
INFO:elastalert:Ran prod_dsg from 2019-06-17 15:43 CST to 2019-06-17 15:58 CST: 0 query hits (0 already seen), 0 matches, 0 alerts sent
INFO:elastalert:Sleeping for 59.945863 seconds
guoyingying12
on 17 Jun 2019
FullLoader can't be used in python2.7, find config.py and delete Loader=yaml.FullLoader.
In that case what version of Python are you supposed to run? ElastAlert documentation says to use 2.7.
https://elastalert.readthedocs.io/en/latest/running_elastalert.html#requirements
nicholasgibson2
on 29 Jun 2019
FullLoader can't be used in python2.7, find config.py and delete Loader=yaml.FullLoader.
Hi~
Thanks,I delete 'Loader=yaml.FullLoader',but when I started elastalert,I reported the following new error.
elastalert 0.1.39
elasticsearch 6.7.2python -m elastalert.elastalert --config /data/elastalert/config.yaml --verbose --rule /data/elastalert/example_rules/prod_dsg.yaml
#
INFO:elastalert:Starting up
WARNING:elasticsearch:GET http://172.16.19.239:9200/elastalert_status/_search?size=1000 [status:400 request:0.005s]
ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on') {'sort': {'alert_time': {'order': 'asc'}}, 'query': {'bool': {'filter': {'range': {'alert_time': {'to': '2019-06-17T07:58:03.461081Z', 'from': '2019-06-15T07:58:03.461053Z'}}}, 'must': {'query_string': {'query': '!_exists_:aggregate_id AND alert_sent:false'}}}}}
Traceback (most recent call last):
File "/data/elastalert/elastalert/elastalert.py", line 1519, in find_recent_pending_alerts
res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
File "/usr/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 84, in _wrapped
return func(args, params=params, kwargs)
File "/usr/lib/python2.7/site-packages/elasticsearch/client/init*.py", line 819, in search
"GET", _make_path(index, "_search"), params=params, body=body
File "/usr/lib/python2.7/site-packages/elasticsearch/transport.py", line 353, in perform_request
timeout=timeout,
File "/usr/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 155, in perform_request
self._raise_error(response.status_code, raw_data)
File "/usr/lib/python2.7/site-packages/elasticsearch/connection/base.py", line 178, in _raise_error
status_code, error_message, additional_info
RequestError: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on')
INFO:elastalert:Queried rule prod_dsg from 2019-06-17 15:43 CST to 2019-06-17 15:58 CST: 0 / 0 hits
INFO:elastalert:Ran prod_dsg from 2019-06-17 15:43 CST to 2019-06-17 15:58 CST: 0 query hits (0 already seen), 0 matches, 0 alerts sent
INFO:elastalert:Sleeping for 59.945863 seconds
query syntax or query attributes seems to have some problem, check query itself and the index. Is it a timeseries index including @timestamp inside or someelse
JackyShin
on 10 Jul 2019
FullLoader can't be used in python2.7, find config.py and delete Loader=yaml.FullLoader.
In that case what version of Python are you supposed to run? ElastAlert documentation says to use 2.7.
https://elastalert.readthedocs.io/en/latest/running_elastalert.html#requirements
not sure the problem is led into by python version or someelse such as environment, just found that FullLoader was used since a centain version of elastalert,so this method should work without effecting any function at least so far
JackyShin
on 10 Jul 2019
FullLoader can't be used in python2.7, find config.py and delete Loader=yaml.FullLoader.
In that case what version of Python are you supposed to run? ElastAlert documentation says to use 2.7.
https://elastalert.readthedocs.io/en/latest/running_elastalert.html#requirementsnot sure the problem is led into by python version or someelse such as environment, just found that FullLoader was used since a centain version of elastalert,so this method should work without effecting any function at least so far
Now, elastalert was installed successfully.
ENV:elasticsearch,kibana ->5.6.16
logstash,filebeat ->6.7.2(5.6.16 is ok also)
Reinstall it,python must uninstall Depend on the package
guoyingying12
on 10 Jul 2019
you need to install PyYAML using pip
pip install PyYAML==5.1 should fix the problem
Evasion
on 30 Aug 2019
I ran into the FullLoader message while running elastalert-create-index.
When I tried to install PyYAML, I got this message:
Requirement already satisfied: PyYAML in /usr/local/lib/python2.7/dist-packages (3.13)
I'm guessing that is why @Evasion added the version to the install command. pip install PyYAML --upgrade fixed it for me.
So, thanks @Evasion !
Would a documentation change or modification of what happens when you run python setup.py install help people not run into this error?
jerrac
on 5 Nov 2019
Related issues
abhishekjiitr
·
3Comments
shortstack
·
3Comments
tkumark
·
3Comments
vaibhavtupe
·
4Comments
junaid1460
·
3Comments
Most helpful comment
you need to install PyYAML using pip
pip install PyYAML==5.1 should fix the problem