启动时，提示IndentationError: unexpected indent

[weihc02]

[root@iZ94rc264jtZ elastalert]# python2.7 -m elastalert.elastalert --verbose --config config.yaml --rule es_rules/wechart.yaml
/usr/lib/python2.7/site-packages/requests/init.py:80: RequestsDependencyWarning: urllib3 (1.22) or chardet (2.2.1) doesn't match a supported version!
RequestsDependencyWarning)
Traceback (most recent call last):
File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
"main", fname, loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/usr/local/elastalert/elastalert/elastalert.py", line 1925, in
sys.exit(main(sys.argv[1:]))
File "/usr/local/elastalert/elastalert/elastalert.py", line 1919, in main
client = ElastAlerter(args)
File "/usr/local/elastalert/elastalert/elastalert.py", line 108, in init
self.conf = load_rules(self.args)
File "elastalert/config.py", line 500, in load_rules
rule = load_configuration(rule_file, conf, args)
File "elastalert/config.py", line 133, in load_configuration
load_modules(rule, args)
File "elastalert/config.py", line 382, in load_modules
rule['alert'] = load_alerts(rule, alert_field=rule['alert'])
File "elastalert/config.py", line 440, in load_alerts
alert_field = [create_alert(a, b) for a, b in alert_field]
File "elastalert/config.py", line 425, in create_alert
alert_class = alerts_mapping.get(alert) or get_module(alert)
File "elastalert/config.py", line 110, in get_module
base_module = import(module_path, globals(), locals(), [module_class])
File "elastalert_modules/wechat_qiye_alert.py", line 24
def init(self, *args):
IndentationError: unexpected indent

py脚本是直接git下载，语法检查也看不什么问题？

[Hello-Linux]

@weihc02 你好,这个问题问题已经修复了,主要是本地包含了特殊字符导致的.如果还有其他问题请留言

[weihc02]

好的，我再试下，可以考虑支持docker 镜像？

[weihc02]

ERROR:root:Error running query: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [@timestamp] in order to sort on')
INFO:elastalert:Ran schedule from 2019-02-21 12:41 CST to 2019-02-21 12:56 CST: 0 query hits (0 already seen), 0 matches, 0 alerts sent
INFO:elastalert:Sleeping for 59.980169 seconds

模式是@timestamp查询自动，elk默认不是这个，要去哪里修改？

[Hello-Linux]

@weihc02 恩恩谢谢你的提议,下周我就发布到docker hub上. 运行 curl -XGET 'http://elasticsearch地址:9200/elastalert_status/_mapping/'

有没有类似的输出

里面应该有@timestamp这个字段的

[Hello-Linux]

@weihc02 你的"@timestamp 在elastalert_status索引中存在么？ elastalert-create-index` 运行了么?

[weihc02]

在config.py 我把默认的改了，重新运行

INFO:elastalert:Queried rule schedule from 2019-02-21 13:08 CST to 2019-02-21 13:11 CST: 1 / 1 hits
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
INFO:elastalert:send msg and response: {"errcode":0,"errmsg":"ok","invaliduser":"15999552312"}
INFO:elastalert:send message to ww10575631340b7ca8

[weihc02]

curl -XGET 'http://127.0.0.1:9200/elastalert_status/_mapping/'
{"elastalert_status":{"mappings":{"elastalert":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"aggregate_id":{"type":"keyword"},"alert_info":{"properties":{"type":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"alert_sent":{"type":"boolean"},"alert_time":{"type":"date","format":"dateOptionalTime"},"match_body":{"type":"object","enabled":false},"match_time":{"type":"date","format":"dateOptionalTime"},"rule_name":{"type":"keyword"}}}}}}[root@iZ94rc264jtZ elastalert]

[Hello-Linux]

@weihc02 现在正常了么?

[weihc02]

不正常，没有推到微信。INFO:elastalert:send msg and response: {"errcode":0,"errmsg":"ok","invaliduser":"15999552312"}

这个是无效的用户，微信号是手机号码，怎么会是invaliduser？

[Hello-Linux]

@weihc02 这个要用你微信企业通讯录中的账号ID,我刚更新了代码图片你可以看看去

[weihc02]

是的，确实是这个问题，改了之后可以了。谢谢。期待docker 镜像，更加方便。

[Hello-Linux]

@weihc02 记得加个星星呦! 镜像下周一上

[weihc02]

ok

[weihc02]

用了镜像，启动了一会，就自动停止了，请问日志输出再什么地方？

[weihc02]

Traceback (most recent call last):
File "/usr/local/bin/elastalert-create-index", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')()
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main
esversion = es.info()["version"]["number"]
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request
raise ConnectionTimeout('TIMEOUT', str(e), e)
elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f9012e7ea10>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)')))
Traceback (most recent call last):
File "/usr/local/bin/elastalert", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load
return self.resolve()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in
from alerts import DebugAlerter
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in
from thehive4py.api import TheHiveApi
File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in
import magic
File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation
Traceback (most recent call last):
File "/usr/local/bin/elastalert-create-index", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')()
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main
esversion = es.info()["version"]["number"]
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request
raise ConnectionTimeout('TIMEOUT', str(e), e)
elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f7c333fec90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)')))
Traceback (most recent call last):
File "/usr/local/bin/elastalert", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load
return self.resolve()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in
from alerts import DebugAlerter
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in
from thehive4py.api import TheHiveApi
File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in
import magic
File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation
Traceback (most recent call last):
File "/usr/local/bin/elastalert-create-index", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')()
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main
esversion = es.info()["version"]["number"]
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request
raise ConnectionTimeout('TIMEOUT', str(e), e)
elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fbccc82ec90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)')))
Traceback (most recent call last):
File "/usr/local/bin/elastalert", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load
return self.resolve()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in
from alerts import DebugAlerter
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in
from thehive4py.api import TheHiveApi
File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in
import magic
File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation
Traceback (most recent call last):
File "/usr/local/bin/elastalert-create-index", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')()
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main
esversion = es.info()["version"]["number"]
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request
raise ConnectionTimeout('TIMEOUT', str(e), e)
elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f80dc487c90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)')))
Traceback (most recent call last):
File "/usr/local/bin/elastalert", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load
return self.resolve()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in
from alerts import DebugAlerter
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in
from thehive4py.api import TheHiveApi
File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in
import magic
File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation
Traceback (most recent call last):
File "/usr/local/bin/elastalert-create-index", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert-create-index')()
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/create_index.py", line 129, in main
esversion = es.info()["version"]["number"]
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/client/init.py", line 241, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 84, in perform_request
raise ConnectionTimeout('TIMEOUT', str(e), e)
elasticsearch.exceptions.ConnectionTimeout: ConnectionTimeout caused by - ConnectTimeout(HTTPConnectionPool(host='192.168.1.223', port=9200): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fa5c8c8cc90>, 'Connection to 192.168.1.223 timed out. (connect timeout=60)')))
Traceback (most recent call last):
File "/usr/local/bin/elastalert", line 11, in
load_entry_point('elastalert==0.1.38', 'console_scripts', 'elastalert')()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2411, in load
return self.resolve()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/init.py", line 2417, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/elastalert.py", line 21, in
from alerts import DebugAlerter
File "/usr/local/lib/python2.7/site-packages/elastalert-0.1.38-py2.7.egg/elastalert/alerts.py", line 31, in
from thehive4py.api import TheHiveApi
File "/usr/local/lib/python2.7/site-packages/thehive4py-1.6.0-py2.7.egg/thehive4py/api.py", line 7, in
import magic
File "/usr/local/lib/python2.7/site-packages/python_magic-0.4.15-py2.7.egg/magic.py", line 181, in
raise ImportError('failed to find libmagic. Check your installation')
ImportError: failed to find libmagic. Check your installation