Elastalert - Update new_term.yaml #1706

Closed
weslambert opened this issue Jan 14, 2020 · 5 comments

@weslambert (Collaborator) commented Jan 14, 2020

INFO:elastalert:Queried rule Security Onion Elastalert - New Term Alert from 2020-01-14 12:49 UTC to 2020-01-14 12:50 UTC: 0 hits
ERROR:root:Traceback (most recent call last):
  File "/opt/elastalert/elastalert/elastalert.py", line 1270, in handle_rule_execution
    num_matches = self.run_rule(rule, endtime, rule.get('initial_starttime'))
  File "/opt/elastalert/elastalert/elastalert.py", line 905, in run_rule
    if not self.run_query(rule, rule['starttime'], endtime):
  File "/opt/elastalert/elastalert/elastalert.py", line 645, in run_query
    rule_inst.add_count_data(data)
  File "/opt/elastalert/elastalert/ruletypes.py", line 84, in add_count_data
    raise NotImplementedError()
NotImplementedError

@weslambert (Collaborator, Author) commented Jan 14, 2020

It seems that we need to remark/remove use_count_query (and doc_type is no longer needed)
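A pre-flight check for this misconfiguration, added here as an example (not ElastAlert's or Security Onion's code): it reads the flat top-level keys of a rule file and flags use_count_query on a rule type that does not implement add_count_data(), which is exactly what the traceback above reports for new_term. The set of count-query-capable rule types and the sample rule are assumptions constructed for the example.

```python
import re

# Assumed for this example: rule types whose class implements add_count_data().
# new_term is known NOT to (see the NotImplementedError in the issue).
COUNT_QUERY_TYPES = {"frequency", "spike", "flatline"}
TRUE_VALUES = {"true", "yes", "on", "1"}

# Constructed sample rule reproducing the misconfiguration from the issue.
BROKEN_RULE = """\
name: Security Onion Elastalert - New Term Alert
type: new_term
index: logstash-*
use_count_query: true
doc_type: doc
fields:
  - source_ip
filter:
  - term:
      event_type: conn
"""


def top_level_scalars(rule_text):
    """Collect unindented 'key: value' pairs; nested lists/maps are skipped.
    Minimal on purpose (no PyYAML): the keys checked here are flat scalars."""
    cfg = {}
    for line in rule_text.splitlines():
        m = re.match(r"^([A-Za-z_]\w*):\s*(.*?)\s*$", line)
        if m and m.group(2) and not m.group(2).startswith("#"):
            cfg[m.group(1)] = m.group(2).split(" #")[0].strip().strip("'\"")
    return cfg


def lint_rule(rule_text):
    """Return problems that would make ElastAlert raise on the first query."""
    cfg = top_level_scalars(rule_text)
    problems = []
    rtype = cfg.get("type", "<missing>")
    if cfg.get("use_count_query", "").lower() in TRUE_VALUES and rtype not in COUNT_QUERY_TYPES:
        problems.append(f"type '{rtype}' lacks add_count_data(); remove use_count_query")
    if "doc_type" in cfg:  # no longer needed, as noted in the issue
        problems.append("doc_type is no longer needed; remove it")
    return problems


def fix_rule(rule_text):
    """Drop only the keys lint_rule() would flag, leaving valid count rules alone."""
    drop = {"doc_type"}
    if top_level_scalars(rule_text).get("type") not in COUNT_QUERY_TYPES:
        drop.add("use_count_query")
    pattern = re.compile(r"^(%s):" % "|".join(sorted(drop)))
    return "\n".join(ln for ln in rule_text.splitlines() if not pattern.match(ln)) + "\n"
```

Run lint_rule() over every file in the rules directory before restarting ElastAlert; a rule that fails this way logs the traceback and then silently stops alerting, so catching it at deploy time is cheaper than noticing missing alerts later.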

@dougburks dougburks moved this from To do to In progress in 16.04.6.4 Jan 14, 2020
@weslambert weslambert changed the title Elastalert - Remove/Update new_term.yaml Elastalert - Update new_term.yaml Jan 14, 2020
@dougburks (Contributor) commented Jan 14, 2020

This is included in securityonion-elastic - 20190510-1ubuntu1securityonion83 which is now available for testing at ppa:securityonion/test.

@dougburks dougburks moved this from In progress to In Testing in 16.04.6.4 Jan 14, 2020
@weslambert (Collaborator, Author) commented Jan 17, 2020

Looks good 👍

@weslambert weslambert moved this from In Testing to Tested in 16.04.6.4 Jan 17, 2020
@dougburks dougburks closed this Feb 5, 2020
16.04.6.4 automation moved this from Tested to Done Feb 5, 2020