Why it's giving 'No mapping found for [alert_time] in order to sort on' error while running elastalert?

I am creating an application where I need to send a mail with elastalert.
When I run command python -m elastalert.elastalert --verbose --rule myrulesmyrule.yaml
to trigger the rule, I am having an exception as follows:

python -m elastalert.elastalert --verbose --rule myrulesmyrule.yaml

:ELK_InfoElastAlertelastalert-master>python -m elastalert.elastalert --verbose --rule myrulesmyrule.yaml
INFO:elastalert:Starting up
WARNING:elasticsearch:GET http://localhost:9200/elastalert_status_status/elastalert/_search?size=1000 [status:400 request:0.034s]
ERROR:root:Error finding recent pending alerts: RequestError(400, u'search_phase_execution_exception', u'No mapping found for [alert_time] in order to sort on')'sort': 'alert_time': 'order': 'asc',
'query': 'bool': 'filter': 'range': 'alert_time': 'to': '2018-09-10T06:09:15.858Z', 'from': '2018-09-08T06:09:15.858Z',
'must': 'query_string': 'query': '!_exists_:aggregate_id AND alert_sent:false'
Traceback (most recent call last):File "D:ELK_InfoElastAlertelastalert-masterelastalertelastalert.py", line 1522, in find_recent_pending_alerts size=1000)
File "C:Python27libsite-packageselasticsearchclientutils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "C:Python27libsite-packageselasticsearchclient__init__.py", line 66
0, in search doc_type, '_search'), params=params, body=body)
File "C:Python27libsite-packageselasticsearchtransport.py", line 318, in
perform_request
status, headers_response, data = connection.perform_request(method, url, par
ams, body, headers=headers, ignore=ignore, timeout=timeout)
File "C:Python27libsite-packageselasticsearchconnectionhttp_requests.py"
, line 90, in perform_request self._raise_error(response.status_code, raw_data)
File "C:Python27libsite-packageselasticsearchconnectionbase.py", line 12
5, in _raise_error raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_me
ssage, additional_info)
RequestError: RequestError(400, u'search_phase_execution_exception', u'No mappin
g found for [alert_time] in order to sort on')
INFO:elastalert:Queried rule Log Level Test from 2018-09-10 11:39 India Standard
Time to 2018-09-10 11:39 India Standard Time: 0 / 0 hits
INFO:elastalert:Ran Log Level Test from 2018-09-10 11:39 India Standard Time to
2018-09-10 11:39 India Standard Time: 0 query hits (0 already seen), 0 matches,
0 alerts sent
INFO:elastalert:Sleeping for 1.844 seconds
INFO:elastalert:SIGINT received, stopping ElastAlert...


No mapping found for [alert_time] in order to sort on

No mapping found for [alert_time] in order to sort on

http://localhost:9200/elastalert_status_status/_mapping/elastalert_status


Output of this API is as follows:


"elastalert_status_status":
"mappings":
"elastalert_status":
"properties":
"@timestamp":
"type": "date"
,
"endtime":
"type": "date"
,
"hits":
"type": "long"
,
"matches":
"type": "long"
,
"rule_name":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256


,
"starttime":
"type": "date"
,
"time_taken":
"type": "float"








Rule file content:

es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
hours: 4
filter:
- term:
log_level.keyword: "ERROR"
- query:
query_string:
query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"


any idea to solve the same please?

curl -XGET http://localhost:9200/elastalert_status_status/_mapping/elastalert

0

Thanks for contributing an answer to Stack Overflow!

But avoid …

To learn more, see our tips on writing great answers.

Required, but never shown

Required, but never shown

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.