Error when I change my index

Question

Error when I change my index

JBRabiller opened this issue a year ago · 0 comments

I did several rules with a particular index using Elastalert jertel docker and it works well.
I have created a new rule with another index of Elasticsearch and encounterd an issue never seen before where I'm stucked
File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 1235, in handle_rule_execution num_matches = self.run_rule(rule, endtime, rule.get('initial_starttime')) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 889, in run_rule if self.is_silenced(rule['name'] + "._silence") or self.is_silenced(silence_cache_key): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.11/site-packages/elastalert/elastalert.py", line 1728, in is_silenced until_ts = res['hits']['hits'][0]['_source']['until'] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^ KeyError: 'until'

I don't understand at all what it means and how to solve it, any clue ?