
Elasticsearch 'include' is deprecated #190

Open
lucasjkr opened this issue Aug 5, 2018 · 2 comments

Comments

@lucasjkr

lucasjkr commented Aug 5, 2018

I've attempted to integrate 411 with ES 6.3, but when I try to test a sample alert, I get no results, and see my Elasticsearch container return this:

elasticsearch | [2018-08-05T22:44:24,606][WARN ][o.e.d.c.ParseField ] Deprecated field [include] used, expected [includes] instead

I replaced include with includes where it appeared in phplib/Filter/Regex.php and phplib/Filter/Expression.php, which seems to let ES accept the request, but it still returns no results.

Incidentally, in Kibana I saw that 411 had created an index called 411_alerts_1, so 411 is communicating with ES somewhat.

Also, when looking at config.php, I couldn't figure out why each ES index has a host key and an index_hosts key, so I deleted the latter, which caused 411 to not recognize that ES was running; that could be a different issue though.

I made the most minor of changes to your Dockerfile; you can see my setup here:

https://github.com/lucasjkr/docker-elk/tree/master/fouroneone
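The warning quoted above comes from Elasticsearch 6's `_source` filtering, where `include`/`exclude` were renamed to `includes`/`excludes`. The following is an added example, not code from 411 or esquery, of a request-body shim that performs that rename at runtime instead of editing the filter classes by hand; the function name, the sample body and the index/field names are all constructed for illustration.

```php
<?php
// Added example (not part of 411 or esquery): rewrite the deprecated
// `_source` filter keys that ES 6 warns about with
// "Deprecated field [include] used, expected [includes] instead".
// Only `_source` blocks are touched: the `include`/`exclude` parameters
// of a `terms` aggregation are a different, non-deprecated API and must
// be left alone, which is why a blind search-and-replace is unsafe.
function normalizeSourceFilter(array $body): array
{
    foreach ($body as $key => $value) {
        if ($key === '_source' && is_array($value)) {
            foreach (['include' => 'includes', 'exclude' => 'excludes'] as $old => $new) {
                if (array_key_exists($old, $value)) {
                    // Merge instead of overwriting if both spellings are present.
                    $value[$new] = array_merge((array)($value[$new] ?? []), (array)$value[$old]);
                    unset($value[$old]);
                }
            }
            $body[$key] = $value;
        } elseif (is_array($value)) {
            // Recurse so nested `_source` blocks (e.g. inside top_hits) are handled.
            $body[$key] = normalizeSourceFilter($value);
        }
    }
    return $body;
}

// Constructed sample body exercising both the deprecated `_source` keys and a
// `terms` aggregation whose `include` must survive untouched.
$body = [
    'query'   => ['match_all' => (object)[]],
    '_source' => ['include' => ['host', 'message'], 'exclude' => 'raw.*'],
    'aggs'    => [
        'by_host' => ['terms' => ['field' => 'host', 'include' => 'web.*']],
    ],
];
$fixed = normalizeSourceFilter($body);

if ($fixed['_source'] !== ['includes' => ['host', 'message'], 'excludes' => ['raw.*']]) {
    throw new RuntimeException('_source keys were not rewritten as expected');
}
if ($fixed['aggs']['by_host']['terms']['include'] !== 'web.*') {
    throw new RuntimeException('terms aggregation include must not be renamed');
}
echo json_encode($fixed, JSON_PRETTY_PRINT), "\n";
```

Applying the shim to every body just before it is handed to the client (rather than patching individual filter classes) also makes the ES 6 deprecation log line a useful check: once it stops appearing, no code path is still emitting the old keys.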

@kiwiz
Contributor

kiwiz commented Aug 8, 2018

Sorry, the ES 6.0 integration is still a WIP (we don't have an ES 6.0 cluster internally): #179. Looking at this error, it seems the problem may be in: https://github.com/kiwiz/esquery/tree/es-5.x. The ES 5.0 PHP library seemed to work well enough when I tested it, but I see there's a separate version for 6.0: https://github.com/elastic/elasticsearch-php#version-matrix.

@lucasjkr
Author

lucasjkr commented Aug 9, 2018

Hi,

I actually have 411 speaking to Elasticsearch 6.3.2 now; I don't think I needed to make any real changes to the config files, I just had a typo in my index.

The search feature works (it can query both of the ES indexes I have), it creates its own alerts index, and it records alerts in that new index.

I couldn't get your Dockerfile to work, so I made a new setup with a separate container running cron.php and worker.php every 60 seconds; it uses 600MB extra disk space that way, but is working reliably.

And I switched the DB over to MySQL.

My remaining issues are in the Health dashboard: it always says that ping is failing, and that graphite is failing (I'm not using Graphite). I haven't even looked into those two yet, but everything went so easily I haven't even looked in the DB yet (which is where I'm assuming at least some data pertaining to those two sources can be found).

I'm not sure if you'll want my new Dockerfiles, since I have three containers now, and dumped SQLite, but I'd be happy to get everything in sync on here if you do.
