我试图将满足某些过滤条件的事件存储到弹性索引中,但是当我设置存储表时,它说它无法为该表创建索引。
我已经在产品的4.3.0和4.4.0版本中对此进行了测试,但没有一个起作用。
@store(type = 'elasticsearch', host = 'elastic.local', port = '9200', index.name = '{{name}}_alertas')
define table alertas (timestamp long, name string, ipsrc string, ipdst string, evento string, tipoAmenaza string, eventCategory string, severity string);
@info(name = 'query-all-events-elastic')
from LogStream[evento == "THREAT" and tipoAmenaza == "spyware" and eventCategory != "unknown" and (severity == "critical" or severity == "high" or severity == "medium")]
select eventTimestamp() as timestamp, name, ipsrc, ipdst, evento, tipoAmenaza, eventCategory, severity
insert into alertas;
整个日志是下一个:
[2019-05-31 10:51:55,394] ERROR {org.wso2.carbon.stream.processor.core.internal.StreamProcessorDeployer} - org.wso2.siddhi.core.exception.SiddhiAppCreationException: Error on 'AlertasPorCorreo' @ Line: 39. Position: 152, near '@store(type = 'elasticsearch', host = '172.20.240.250', port = '9200', index.name = '{{name}}_alertas')
define table alertas (timestamp long, name string, ipsrc string, ipdst string, evento string, tipoAmenaza string, eventCategory string, severity string)'. Error while creating indices for table id : 'alertas org.wso2.carbon.stream.processor.core.internal.exception.SiddhiAppDeploymentException: org.wso2.siddhi.core.exception.SiddhiAppCreationException: Error on 'AlertasPorCorreo' @ Line: 39. Position: 152, near '@store(type = 'elasticsearch', host = '172.20.240.250', port = '9200', index.name = '{{name}}_alertas')
define table alertas (timestamp long, name string, ipsrc string, ipdst string, evento string, tipoAmenaza string, eventCategory string, severity string)'. Error while creating indices for table id : 'alertas
at org.wso2.carbon.stream.processor.core.internal.StreamProcessorDeployer.deploySiddhiQLFile(StreamProcessorDeployer.java:105)
at org.wso2.carbon.stream.processor.core.internal.StreamProcessorDeployer.deploy(StreamProcessorDeployer.java:306)
at org.wso2.carbon.deployment.engine.internal.DeploymentEngine.lambda$deployArtifacts$0(DeploymentEngine.java:291)
at java.util.ArrayList.forEach(ArrayList.java:1257)
at org.wso2.carbon.deployment.engine.internal.DeploymentEngine.deployArtifacts(DeploymentEngine.java:282)
at org.wso2.carbon.deployment.engine.internal.RepositoryScanner.sweep(RepositoryScanner.java:112)
at org.wso2.carbon.deployment.engine.internal.RepositoryScanner.scan(RepositoryScanner.java:68)
at org.wso2.carbon.deployment.engine.internal.DeploymentEngine.start(DeploymentEngine.java:121)
at org.wso2.carbon.deployment.engine.internal.DeploymentEngineListenerComponent.onAllRequiredCapabilitiesAvailable(DeploymentEngineListenerComponent.java:216)
at org.wso2.carbon.kernel.internal.startupresolver.StartupComponentManager.lambda$notifySatisfiableComponents$7(StartupComponentManager.java:266)
at java.util.ArrayList.forEach(ArrayList.java:1257)
at org.wso2.carbon.kernel.internal.startupresolver.StartupComponentManager.notifySatisfiableComponents(StartupComponentManager.java:252)
at org.wso2.carbon.kernel.internal.startupresolver.StartupOrderResolver$1.run(StartupOrderResolver.java:204)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: org.wso2.siddhi.core.exception.SiddhiAppCreationException: Error on 'AlertasPorCorreo' @ Line: 39. Position: 152, near '@store(type = 'elasticsearch', host = '172.20.240.250', port = '9200', index.name = '{{name}}_alertas')
define table alertas (timestamp long, name string, ipsrc string, ipdst string, evento string, tipoAmenaza string, eventCategory string, severity string)'. Error while creating indices for table id : 'alertas
at org.wso2.siddhi.core.util.ExceptionUtil.populateQueryContext(ExceptionUtil.java:43)
at org.wso2.siddhi.core.util.parser.SiddhiAppParser.defineTableDefinitions(SiddhiAppParser.java:322)
at org.wso2.siddhi.core.util.parser.SiddhiAppParser.parse(SiddhiAppParser.java:224)
at org.wso2.siddhi.core.SiddhiManager.createSiddhiAppRuntime(SiddhiManager.java:65)
at org.wso2.siddhi.core.SiddhiManager.createSiddhiAppRuntime(SiddhiManager.java:74)
at org.wso2.carbon.stream.processor.core.internal.StreamProcessorService.deploySiddhiApp(StreamProcessorService.java:100)
at org.wso2.carbon.stream.processor.core.internal.StreamProcessorDeployer.deploySiddhiQLFile(StreamProcessorDeployer.java:93)
... 14 more
Caused by: org.wso2.extension.siddhi.store.elasticsearch.exceptions.ElasticsearchEventTableException: Error while creating indices for table id : 'alertas
at org.wso2.extension.siddhi.store.elasticsearch.ElasticsearchEventTable.init(ElasticsearchEventTable.java:317)
at org.wso2.siddhi.core.table.record.AbstractRecordTable.init(AbstractRecordTable.java:69)
at org.wso2.siddhi.core.table.Table.initTable(Table.java:121)
at org.wso2.siddhi.core.util.parser.helper.DefinitionParserHelper.addTable(DefinitionParserHelper.java:210)
at org.wso2.siddhi.core.util.SiddhiAppRuntimeBuilder.defineTable(SiddhiAppRuntimeBuilder.java:125)
at org.wso2.siddhi.core.util.parser.SiddhiAppParser.defineTableDefinitions(SiddhiAppParser.java:320)
... 19 more
Caused by: java.net.ConnectException: Conexión rehusada
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvent(DefaultConnectingIOReactor.java:171)
at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvents(DefaultConnectingIOReactor.java:145)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:348)
at org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:192)
at org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64)
at java.lang.Thread.run(Thread.java:748)
[2019-05-31 10:51:55,401] INFO {org.wso2.carbon.kernel.internal.CarbonStartupHandler} - WSO2 Stream Processor started in 23,177 sec
答案 0 :(得分:0)
提供的日志中似乎存在两个错误。 1.当您尝试启动应用程序时,由于语法问题,它引发了第一个异常。 2.第二个异常是由于来自ElasticSearch服务器的连接拒绝引起的。
您是否可以使用@store中使用的配置检查是否可以访问ElasticSearch服务器。