Change doc_type and added support for Elasticsearch 6.6 and 7 #2194
Conversation
Elasticsearch > 5 so that index APIs have the same path as they will have in 7.0
elasticsearch: - 5.6.16 - 6.3.2 - 6.6.2 - 7.0.0-rc1
class elasticsearch_test - test api calls against elasticsearch
unit tests when pytest is run with --runelasticsearch
matsgoran
force-pushed
the
doc_type_and_support_for_es66_es7
branch
from
a8ca178
to
9a98c64
Compare
- elasticsearch>=7.0.0 in dependencies - fixed api changes in elastalert - added deprecated_search method to es-wrapper-client, which accepts doc_type parameter, which works as an adapter between elastalert and elasticsearch-py
matsgoran
force-pushed
the
doc_type_and_support_for_es66_es7
branch
from
9a98c64
to
33e6ab5
Compare
version 6.2. This is now reflected in ElastAlert
matsgoran
force-pushed
the
doc_type_and_support_for_es66_es7
branch
from
ce6ef34
to
2434ef6
Compare
|
Is there a dockerized version of this available? |
|
We've made a Dockerized version: https://github.com/HacknowledgeCH/elastalert-docker The image includes a temporary fix to force the |
|
@christophetd Thank you. Unfortunately looks like the Dockerfile is not working. I get: |
|
It looks like there are still issues with elastalert-create-index against Elasticsearch 7.0: |
|
@jefflibby the current release of ElastAlert and elasticsearch-py 6.3.1 (https://github.com/elastic/elasticsearch-py) doesn't support ElasticSearch 7 due to breaking changes in the API. Ref. my comments in this PR, HacknowledgeCH/elastalert-docker@58fead0 , https://www.elastic.co/guide/en/elasticsearch/reference/7.0/indices-put-mapping.html |
|
I gave this a quick spin. Due to the changed signature of |
|
@jefflibby I had also the compatibility issue with elasticsearch 7.0. The problem is that before Elasticsearch 7.0.0, the mappings definition used to include a type name. Although specifying types in requests is now deprecated, a type can still be provided if the request parameter include_type_name is set. To solve this issue, you can clone and build my patch repository (https://github.com/geeckmc/elastalert.git) while waiting for my pull request to be accepted. hoping it helped you |
Change elastalert.create_index:main signature in order to satisfy entry point constraint in setup tools console script generator
@eigengrau Thanks for pointing this out. The main signature has been changed in order to fix this issue. |
|
Sorry, I misunderstood. I thought the fix had already been applied to the docker image mentioned. I will try building from the PR branch. |
|
elastalert-create-index verified locally with the latest from this branch, and I have alerts working against elasticsearch v7 now. Thanks for the help, I can now complete our POC. |
|
Hey all. I've merged this into the There was a massive amount of merge conflicts, and I didn't do extensive testing on it, so please report any bugs you find!! Worth noting that there were some features that I had to remove/partially remove, like I'll release this into a non beta release when I get time to merge in other changes and when it's had some time for people to report issues. |
The changes starting with elasticsearch-py 7 no longer accepts 'doc_type' as a search parameter. In order to offer backwards compatibility I've added a 'deprecated_search' which accepts this parameter. This function effectively works as an adapter between ElastAlert and elasticsearch-py since the Elasticsearch 7 API still accepts 'doc_type' (including some complaining about this being a deprecated feature). The function logs a warning informing that 'doc_type' will no longer work starting with Elasticsearch 8
Todos: