[Elasticalert] WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s] #1392

sontn1988 · 2024-03-11T03:06:32Z

sontn1988
Mar 11, 2024

I had the same problem.

Elastic alert was running with my previous ELK version (7.x)
When i update ELK to version 8.8.0, i have to enable security mode. Connect to elasticsearch have to use ca file

My Elasticalert2 was not working anymore.
My Elasticalert2 is on docker-compose

My elasticalert.yaml

rules_folder: /opt/elastalert/rules
use_ssl: true
verify_certs: true
ca_certs: /opt/elasticalert/certs/http_ca.crt

run_every:
  seconds: 10

buffer_time:
  minutes: 15

writeback_index: elastalert_status

Log elasticalert:

WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]
WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s]

ELK indices status:

yellow open elastalert_status_status  KeK1eLl6R8-ScGlTmajJ9Q 1 1 5853 0 866.6kb 866.6kb
yellow open elastalert_status         45woY9F3S7Wz1rgR2oyT3w 1 1    0 0    247b    247b
yellow open elastalert_status_past    SZpur5B8Tze9bkvz79Jh8g 1 1    0 0    247b    247b
yellow open elastalert_status_silence k2Txf1yHToqQJorw30DmyQ 1 1    0 0    247b    247b
yellow open elastalert_status_error   prCbAU6vQgeTI17Ihxopjw 1 1    0 0    247b    247b

We generate an index every day: ll%{+yyyy.MM.dd}
Now we, have a lot of index like it

Can you help me to fix it ? or give me some idea ?

Answered by jertel

Mar 11, 2024

My Elasticalert2 was not working anymore.

What does this mean specifically? Are you saying ElastAlert 2 does not start up? Or does it not send alerts?

We generate an index every day: ll%{+yyyy.MM.dd}
Now we, have a lot of index like it

To which indices are you referring? Do you mean ElastAlert 2 indices are being generated every day?

View full answer

jertel · 2024-03-11T10:58:12Z

jertel
Mar 11, 2024
Maintainer

My Elasticalert2 was not working anymore.

What does this mean specifically? Are you saying ElastAlert 2 does not start up? Or does it not send alerts?

We generate an index every day: ll%{+yyyy.MM.dd}
Now we, have a lot of index like it

To which indices are you referring? Do you mean ElastAlert 2 indices are being generated every day?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Elasticalert] WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s] #1392

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

[Elasticalert] WARNING:elasticsearch:DELETE https://127.0.0.1:9200/_search/scroll [status:404 request:0.003s] #1392

sontn1988 Mar 11, 2024

Replies: 1 comment

jertel Mar 11, 2024 Maintainer

sontn1988
Mar 11, 2024

jertel
Mar 11, 2024
Maintainer