elastalert是否适用于ElasticSearch 6

Question

我有一个使用elasticsearch 5.6的elastalert docker镜像(https://hub.docker.com/r/ivankrizsan/elastalert/)，更改为使用ElasticSearch 6.1的测试环境(无索引)，现在获取

Creating Elastalert index in Elasticsearch...
Traceback (most recent call last):
  File "/usr/bin/elastalert-create-index", line 11, in <module>
    load_entry_point('elastalert', 'console_scripts', 'elastalert-create-index')()
  File "/opt/elastalert/elastalert/create_index.py", line 153, in main
    es.indices.put_mapping(index=index, doc_type='elastalert', body=es_mapping)
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/utils.py", line 73, in _wrapped
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/indices.py", line 282, in put_mapping
  File "build/bdist.linux-x86_64/egg/elasticsearch/transport.py", line 312, in perform_request
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/http_requests.py", line 90, in perform_request
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/base.py", line 125, in _raise_error
elasticsearch.exceptions.RequestError: TransportError(400, u'mapper_parsing_exception', u'No handler for type [string] declared on field [aggregate_id]')

Answer 1

到目前为止，elastalert还不支持开箱即用的elasticsearch 6.0。这里是github：https://github.com/Yelp/elastalert/issues/1399上的公开问题，它跟踪了这个问题。在https://github.com/Yelp/elastalert/pull/1426中也提到了漫游。

Answer 2

请升级到最新版本的elastalert。我使用的是Elasticsearch 6.2和ElastAlert 0.1.29，它们工作正常。