I configured the aggregation option in config.yaml so that an alert summary is sent once every hour. But when I try to run it, it throws the following error.
  File "elastalert.py", line 863, in run_rule
    self.add_aggregated_alert(match, rule)
  File "elastalert.py", line 1614, in add_aggregated_alert
    alert_time = ts_now() + rule['aggregation']
TypeError: unsupported operand type(s) for +: 'datetime.datetime' and 'dict'
ERROR:root:Uncaught exception running rule Test Alert : unsupported operand type(s) for +: 'datetime.datetime' and 'dict'
INFO:elastalert:Rule Test Alert disabled
The configuration parameters are:
rules_folder: test_rules
run_every:
  minutes: 15
buffer_time:
  minutes: 30
es_host: 100.38.46.3
es_port: 9200
aggregation:
  hours: 1
writeback_index: elastalert_status
alert_time_limit:
  days: 2
Test alert rule configuration:
name: Test Alert
type: metric_aggregation
index: logstash-*
buffer_time:
  minutes: 30
metric_agg_key: count
metric_agg_type: sum
query_key: "name.keyword"
doc_type: counter
max_threshold: 1
min_threshold: 0
filter:
- query:
    query_string:
      query: "name.keyword: *timedout_count"
alert:
- "email"
email:
- "admin@abc.com"
I followed the ElastAlert documentation but cannot figure out what is causing this problem.
Thanks.
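To make concrete what the traceback above is complaining about, here is an added illustration (not ElastAlert's own code). It assumes only that an aggregation setting written as `hours: 1` in YAML loads as the mapping `{"hours": 1}` and must be normalised to a `timedelta` before it can be added to a `datetime`; the `to_timedelta` and `next_aggregated_alert_time` helpers are hypothetical names for this example.

```python
from datetime import datetime, timedelta, timezone

# Units a YAML time mapping such as {hours: 1} may carry.
# Assumption for this illustration: the keyword names timedelta accepts.
TIME_UNITS = {"weeks", "days", "hours", "minutes", "seconds"}


def to_timedelta(value):
    """Normalise a time setting to a timedelta.

    Accepts an already-converted timedelta or a mapping like {"hours": 1}
    as it is written in YAML. Anything else is rejected with a clear
    message instead of surfacing later as the TypeError in the traceback.
    """
    if isinstance(value, timedelta):
        return value
    if isinstance(value, dict):
        unknown = set(value) - TIME_UNITS
        if unknown:
            raise ValueError(f"unknown time units: {sorted(unknown)}")
        return timedelta(**value)
    raise TypeError(f"expected a time mapping or timedelta, got {type(value).__name__}")


def next_aggregated_alert_time(now, aggregation):
    """Return when the aggregated alert would be sent.

    Same arithmetic as the traceback (ts_now() + rule['aggregation']),
    but only after the setting has been normalised.
    """
    return now + to_timedelta(aggregation)


def raw_addition_fails(now, aggregation):
    """Reproduce the original failure: adding the unconverted dict."""
    try:
        now + aggregation
    except TypeError:
        return True
    return False


def sample_now():
    """Constructed sample timestamp standing in for ts_now()."""
    return datetime(2017, 1, 1, 12, 0, tzinfo=timezone.utc)


if __name__ == "__main__":
    setting = {"hours": 1}  # the aggregation block from the question
    print(raw_addition_fails(sample_now(), setting))          # True, as in the traceback
    print(next_aggregated_alert_time(sample_now(), setting))  # 2017-01-01 13:00:00+00:00
```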
Answer 0: (score: 0)
From the error:
TypeError: unsupported operand type(s) for +: 'datetime.datetime' and 'dict'
From your config.yaml:
metric_agg_type: sum
It is trying (and failing) to perform a sum aggregation on a datetime, and dict values do not support summation. You may need to choose an aggregation such as count or unique count, and adjust the alert's logic accordingly.