Doing some more searching, I find the answer posted in Discussions, here: but to be able to find it, you must first know that it's even an Array you are querying, which is not indicated in Kibana 8, which just lets you work with the error.exception.type style. And then when you know you are querying an Array by looking at the actual data (like I did) you still have to go and find if it's even supported in ElastAlert 2. By adding this to the documentation, maybe even a separate section on supported key lookups, it's much clearer for users like myself.
-
@jertel Thank you so much!!
-
Hi all,
Today I was frustratingly trying to get APM to work with ElastAlert 2 upgrading from ELK6 to ELK8.
It turns out that in ELK8 the APM errors (also now in a different index) have error.exception now set as an Array [.....]
while in ELK6 it was a Hash {....}
Therefore my rule with alert_text_args:
Wasn't working anymore..
After spending quite some time on debugging and trying to figure out how to work around this,
while not updating it to:
else I would get everything..
I almost gave up on the possibilities and then did a git clone of the repo and discovered this test on utils.py:
test_looking_up_arrays
in it, I saw the [idx]key notation and that finally worked:
alert_text_args:
Could the documentation please be updated on the Rules / alert_text_args / alert_summary_args place somewhere
to indicate this Array style lookup is supported as well?
Would have saved me hours :)
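The difference between the two document shapes described in the post above, as an added example that is not part of the original thread and not ElastAlert 2's own lookup code: a small stand-alone resolver for dotted paths with `[idx]key` steps, run over constructed documents to show which argument paths stop resolving when a hash becomes an array. The field paths `error.exception[0]type` and `error.exception[0]message`, the sample values, and the helper names `lookup` and `unresolved_args` are assumptions made for illustration.

```python
import re

# A path step is either an [index] into a list or a key into a dict.
_STEP = re.compile(r"\[(\d+)\]|([^.\[\]]+)")


def lookup(doc, path):
    """Resolve a path such as 'error.exception[0]type'; None if any step is missing."""
    cursor = doc
    for index, key in _STEP.findall(path):
        if index:
            # Index step: only valid on a list that is long enough.
            if not isinstance(cursor, list) or int(index) >= len(cursor):
                return None
            cursor = cursor[int(index)]
        elif isinstance(cursor, dict) and key in cursor:
            cursor = cursor[key]
        else:
            # Key step on a list (or a missing key) resolves to nothing.
            return None
    return cursor


def unresolved_args(args, sample_doc):
    """Return the argument paths that resolve to nothing on a sample document."""
    return [arg for arg in args if lookup(sample_doc, arg) is None]


# Constructed sample documents (not real APM data): same error, two shapes.
HASH_STYLE = {"error": {"exception": {"type": "TimeoutError", "message": "upstream timed out"}}}
ARRAY_STYLE = {"error": {"exception": [{"type": "TimeoutError", "message": "upstream timed out"}]}}

if __name__ == "__main__":
    old_args = ["error.exception.type", "error.exception.message"]
    new_args = ["error.exception[0]type", "error.exception[0]message"]
    print("hash doc, old args unresolved: ", unresolved_args(old_args, HASH_STYLE))
    print("array doc, old args unresolved:", unresolved_args(old_args, ARRAY_STYLE))
    print("array doc, new args unresolved:", unresolved_args(new_args, ARRAY_STYLE))
```

Running the same check against a real sample document from the new index before deploying a migrated rule shows which alert arguments would come back empty.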