Elastalert: TypeError: search() got an unexpected keyword argument '_source_include'
Hi,
I use elastalert-test-rule to test my rule, error as follow:
elastalert-test-rule --config /etc/elastalert/config.yaml /etc/elastalert/es_rule/frequency.yaml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
Didn't get any results.
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
Traceback (most recent call last):
File "/usr/local/bin/elastalert-test-rule", line 8, in
sys.exit(main())
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert/test_rule.py", line 445, in main
test_instance.run_rule_test()
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert/test_rule.py", line 437, in run_rule_test
self.run_elastalert(rule_yaml, conf, args)
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert/test_rule.py", line 318, in run_elastalert
client.run_rule(rule, endtime, starttime)
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert/elastalert.py", line 883, in run_rule
if not self.run_query(rule, rule['starttime'], tmp_endtime):
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert/elastalert.py", line 632, in run_query
data = self.get_hits(rule, start, end, index, scroll)
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert/elastalert.py", line 383, in get_hits
*extra_args
File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 84, in _wrapped
return func(args, params=params, **kwargs)
TypeError: search() got an unexpected keyword argument '_source_include'
please help me what's the promblem.
es : 6.3.2
python: 3.6.8
AweiWoo
All 3 comments
pip3 uninstall elasticsearch -y
pip3 install "elasticsearch=7.0.0"
try this?
guyuecode
on 15 Nov 2019
I had the same problem with py2 elasticsearch module 7.0.5 (and 7.1.0). downgrading to 7.0.0 result:
```
WARNING:elasticsearch:GET http://127.0.0.1:9200/alerts-2019.11.20/_search?_source_include=%40timestamp%2C%2A&ignore_unavailable=true&scroll=30s&size=10000 [status:400 request:0.007s]
ERROR:root:Error running query: RequestError(400, u'illegal_argument_exception', u'request [/alerts-2019.11.20/_search] contains unrecognized parameter: [_source_include] -> did you mean any of [_source_includes, _source_excludes]?')
Would have written the following documents to writeback index (default is elastalert_status):
elastalert_error - {'message': "Error running query: RequestError(400, u'illegal_argument_exception', u'request [/alerts-2019.11.20*/_search] contains unrecognized parameter: [_source_include]
```
ElasticSearch version 7.4.2 -- is it compatible? @guyuecode
ageis
on 21 Nov 2019
pip3 uninstall elasticsearch -y
pip3 install "elasticsearch=7.0.0"
try this?
Just a minor comment: You need one additional equal sign:
pip3 install "elasticsearch==7.0.0"
heiderich
on 14 Jan 2020
Related issues
rhysxevans
·
3Comments
shortstack
·
3Comments
wjk1982
·
3Comments
MaximilianKaltner
·
3Comments
PMDubuc
·
3Comments
Most helpful comment
pip3 uninstall elasticsearch -y
pip3 install "elasticsearch=7.0.0"
try this?