Yelp/elastalert

query string has error?

lagougou opened this issue · 0 comments

```yaml
name: Beep_payment_error_monitor
type: frequency
index: filebeat-*
num_events: 10
aggregation:
  minutes: 5
timeframe:
  minutes: 5
buffer_time:
  minutes: 10
query_delay:
  hours: 0
query_key:
  - message
filter:
  - query:
      query_string:
        query: "message: kubernetes.container.name: payment-api AND kubernetes.namespace: pro"
alert:
  - command
command: /usr/bin/python3 /root/elastalert/send_message.py
pipe_alert_text: true
alert_subject: 'Alert: System {0} occurred {1} times.'
alert_subject_args:
  - '@timestamp'
  - num_hits
alert_text: >-
  {1} Alert: Payment-api Uncaught Exception {2} times, You can access all of error log on
  Kibana: {0} storehub alert dashboard
alert_text_args:
  - kibana_url
  - '@timestamp'
  - num_hits
kibana_url: >-
  https://kibana.mymyhub.com/app/kibana#/dashboard/4c8cbec0-f188-11ea-ade3-3fb45f1c9de3
timestamp_field: '@timestamp'
```

This is my rule file.
I migrated the data from Elasticsearch to AWS Elasticsearch.
Before, the query string was OK, but now the query fails with the exception RequestError(400, 'x_content_parse_exception', '[1:143] [bool] failed to parse field [must]')
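A way to reproduce the query body outside ElastAlert so it can be checked against the cluster before the rule is deployed, as an added example that is not part of the issue or of the ElastAlert project. The script takes the rule's `filter` section (copied here as a Python literal, constructed so the script runs without PyYAML), wraps it in a `bool.must` clause together with the time-range clause (this wrapping is an assumption about how ElastAlert composes the search body, consistent with the `[bool] ... [must]` path in the error), lints the filter entries for structural problems, and emits JSON suitable for Elasticsearch's `_validate/query?explain=true` endpoint. The helper names (`build_query_body`, `lint_filters`, `to_curl`) are this example's own.

```python
import json

# Filter section copied from the rule in the issue (constructed literal).
RULE_FILTER = [
    {"query": {"query_string": {
        "query": "message: kubernetes.container.name: payment-api "
                 "AND kubernetes.namespace: pro"}}}
]


def build_query_body(filters, timestamp_field="@timestamp", start=None, end=None):
    """Wrap the rule's filter list in a bool/must clause.

    Assumption: ElastAlert places each entry of `filter` under bool.must and
    prepends a range clause on the timestamp field; that matches the
    '[bool] failed to parse field [must]' location reported by Elasticsearch.
    """
    must = list(filters)  # do not mutate the caller's list
    if start is not None and end is not None:
        must.insert(0, {"range": {timestamp_field: {"gt": start, "lte": end}}})
    return {"query": {"bool": {"must": must}}}


def lint_filters(filters):
    """Return structural problems a bool/must clause would not accept.

    Each entry must be a mapping with exactly one top-level clause, and a
    query_string clause must carry a non-empty 'query' string. Query-syntax
    errors are left to Elasticsearch's own validation endpoint.
    """
    problems = []
    for i, entry in enumerate(filters):
        if not isinstance(entry, dict) or len(entry) != 1:
            problems.append(f"filter[{i}]: expected a mapping with exactly one clause")
            continue
        # Walk down through any single-key wrappers to the innermost clause.
        node = entry
        while isinstance(node, dict) and len(node) == 1:
            (name, node), = node.items()
            if name == "query_string":
                q = node.get("query") if isinstance(node, dict) else None
                if not isinstance(q, str) or not q.strip():
                    problems.append(f"filter[{i}]: query_string.query must be a non-empty string")
                break
    return problems


def to_curl(body, index="filebeat-*", host="https://localhost:9200"):
    """Render a curl command against _validate/query so the body can be
    checked on the cluster; the host is a placeholder."""
    payload = json.dumps(body, separators=(",", ":"))
    return (f"curl -s -X GET '{host}/{index}/_validate/query?explain=true' "
            f"-H 'Content-Type: application/json' -d '{payload}'")


if __name__ == "__main__":
    for p in lint_filters(RULE_FILTER):
        print("lint:", p)
    body = build_query_body(RULE_FILTER, start="now-5m", end="now")
    print(json.dumps(body, indent=2))
    print(to_curl(body))
```

Running the emitted curl against the cluster returns `valid: false` plus the parser's explanation when the body is rejected, which pins the problem to either the filter wrapping or the query-string text without waiting for the next ElastAlert run.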