Errors trying to use fields from ES7 in the Native Hive Alerter #3038
Comments
|
use match[file][name] instead of match[file.name] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am trying to create a hive alert that uses file.name field using {match[file.name]} as the title for the hive alert but I get the error in return. I am using ES 7.9.1 and don't know what the issue is. I am using the Slack plugin with the same field and those come out fine, just the hivealerter seems to not work.
elastalert_error - {'message': "Uncaught exception running rule 001 : 'file.name'", 'traceback': ['Traceback (most recent call last):', ' File "/usr/local/lib/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/elastalert.py", line 1453, in alert', ' return self.send_alert(matches, rule, alert_time=alert_time, retried=retried)', ' File "/usr/local/lib/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/elastalert.py", line 1547, in send_alert', ' alert.alert(matches)', ' File "/usr/local/lib/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/alerts.py", line 2159, in alert', ' alert_config[alert_config_field] = alert_config_value.format(**context)', "KeyError: 'file.name'"], 'data': {'rule': '001'}}
The text was updated successfully, but these errors were encountered: