Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ES 5, Error running query: TransportError(400

See original GitHub issue

Hi, im runing ES 5 and just installed elastalert branch Support es5 #820 Im getting the following error on some of my rules, see below for error and rule.

INFO:elastalert:Ran name ms sql job error MAW from 2017-01-06 15:53 CET to 2017-01-06 16:08 CET: 0 query hits, 0 matches, 0 alerts sent WARNING:elasticsearch:GET http://localhost:9200/name-*/_search?_source_include=%40timestamp%2C%2A&ignore_unavailable=true&scroll=30s&size=10000 [status:400 request:0.004s] ERROR:root:Error running query: TransportError(400, {u'line': 1, u'root_cause': [{u'reason': u'no [query] registered for [query]', u'type': u'parsing_exception', u'line': 1, u'col': 208}], u'type': u'parsing_exception', u'reason': u'no [query] registered for [query]', u'col': 208})

name: name ms sql job error MAW
es_host: localhost
es_port: 9200
index: name-*
any: failed
type: any

filter:
- query:
    query_string:
      query: "task: *Job*"

Thanks in advance.

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Reactions:4
  • Comments:11 (4 by maintainers)

github_iconTop GitHub Comments

2reactions
Qmandocommented, Jan 6, 2017

You are definitely using support_es5 branch? This looks like a bug that was specifically fixed by https://github.com/Yelp/elastalert/pull/820/commits/bb09323ad893b22d17e0d7cb2aa50c52db18f80d.

Can you use runpython -c "import elastalert.elastalert;print elastalert.elastalert.ElastAlerter.is_five" just to verify for me that you have that branch? It should output <unbound method ElastAlerter.is_five>.

You can try changing the filter to

filter:
 - query_string:
      query: "task: *Job*"
0reactions
TroelsLcommented, Feb 9, 2017

That resolved it, thank you very much.

I would close this issue, but I just realized I hijacked another one.

Read more comments on GitHub >

github_iconTop Results From Across the Web

TransportError 400 Elasticsearch with huge list of terms
A 400 error means that there is something wrong with your query. Catch and inspect the detailed error message that is inside the...
Read more >
Transport Error 400 (parsing_exception) - Elasticsearch
I was facing this error because django-haystack is not compatible with Elasticsearch version 5. It is running smoothly with an older version.
Read more >
API Documentation — Elasticsearch 7.16.0 documentation
from elasticsearch import Elasticsearch es = Elasticsearch() # ignore 400 cause by ... Default: 5; default_operator – The default operator for query string ......
Read more >
transporterror(503, 'search_phase_execution_exception', none)
"error" · "root_cause" · "type":"script_exception" · "reason":"runtime error" · "script_stack" · "org.elasticsearch.xpack.vectors.query.ScoreScriptUtils$ ...
Read more >
Yelp/elastalert - Gitter
ERROR :root:Error running query: TransportError(400, ... Hi, I recently upgraded ELK to run on ES 5.x and since then I can't get elastalert...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

ElastAlert Kibana Plugin

Next page

Elastalert does not match any document + es_debug_trace logs have incorrect info