Parsing_exception occured when i ues es with elastalert

isummersing · November 24, 2017, 7:22am

here is my exceptions:
RequestError: TransportError(400, u'parsing_exception', u'Unknown key for a START_OBJECT in [filter].')
WARNING:elasticsearch:GET http://127.0.0.1:9200/logstash-*/_search?_source_include=%40timestamp%2C*&ignore_unavailable=true&scroll=30s&size=10000 [status:400 request:0.007s]
ERROR:root:Error running query: TransportError(400, u'parsing_exception', u'no [query] registered for [filtered]')

and my rules:
filter:

query:
query_string:
query: "INFO"
I am new to elasticsearch and i dont new how to write the rule and fileter,

dadoonet · November 24, 2017, 7:36am

You are probably mixing versions. I mean that this version of the project you are using is not compatible with elasticsearch 5 and >.

isummersing · November 24, 2017, 7:46am

i see,thank you for your reply.
and i wonder where can i download lower version es or any other projests can email me when my logs
occur "ERROR" or "WARN" .

dadoonet · November 24, 2017, 7:59am

I don't know.
The official plugin supported by elastic to do that is x-pack (commercial). It's always up to date with all elastic stack versions.

system · December 22, 2017, 8:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.