
I have installed ElastAlert on CentOS 7.6, and while starting ElastAlert I receive the following error.

    [root@e2e-27-36 elastalert]# python -m elastalert.elastalert --verbose --rule example_rules/example_frequency.yaml
    Traceback (most recent call last):
      File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
        "__main__", fname, loader, pkg_name)
      File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
        exec code in run_globals
      File "/root/elastalert/elastalert/elastalert.py", line 29, in <module>
        from . import kibana
      File "elastalert/kibana.py", line 4, in <module>
        import urllib.error
    ImportError: No module named error

How should I go about fixing this?

3 Answers


  1. Chosen as BEST ANSWER

    I have found the fix on my own.

    1. On Python 2.7 the issue still persists.

    2. Install Python 3.6 to fix the issue.

    yum install python3 python3-devel python3-urllib3

    3. Run the elastalert command

    python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml

    4. If you receive an issue with the modules (ModuleNotFoundError: No module named 'pytz')

    5. Install the modules as per the requirements.

    pip3 install -r /root/elastalert/requirements.txt

    6. Let's run the command "python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml"; I got an error

    urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='elasticsearch.example.com', port=9200): Max retries exceeded with url: / (Caused by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known',))

    7. The above error is due to an invalid hostname in the config.yaml file. Edit the config.yaml file and change the hostname to the server hostname in the es.hosts field.

    Make sure you have an entry for the same in the /etc/hosts file.

    8. OK, that issue got fixed; I ran the command "python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml" and got one more error

    pkg_resources.DistributionNotFound: The 'jira>=2.0.0'

    9. We need to install jira by using the command below

    pip3 install jira==2.0.0

    10. Now let's run the command "python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml"; again another error, OMG.

    elasticsearch.exceptions.TransportError: TransportError(429, 'circuit_breaking_exception', '[parent] Data too large, data for [] would be [994793504/948.7mb], which is larger than the limit of [986061209/940.3mb], real usage: [994793056/948.7mb], new bytes reserved: [448/448b]')

    11. You need to fix this by changing the heap values in /etc/elasticsearch/jvm.options

    -Xms1g to -Xms2g and -Xmx1g to -Xmx2g, then restart the elasticsearch service: "service elasticsearch restart"

    12. With everything set, I again ran the command "python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml" and ended up receiving another error.

    ERROR:root:Error finding recent pending alerts: NotFoundError(404, 'index_not_found_exception', 'no such index [elastalert_status]', elastalert_status, index_or_alias) {'query': {'bool': {'must': {'query_string': {'query': '!exists:aggregate_id AND alert_sent:false'}}, 'filter': {'range': {'alert_time': {'from': '2019-12-04T19:45:09.635478Z', 'to': '2019-12-06T19:45:09.635529Z'}}}}}, 'sort': {'alert_time': {'order': 'asc'}}}

    13. Fix the issue by running the command below

    elastalert-create-index

    14. Finally everything is done; run the command below

    python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml

    Now I cancelled the command and ran the same in the background

    python3 -m elastalert.elastalert --config /root/elastalert/config.yaml --verbose --rule /root/elastalert/example_rules/example_frequency.yaml &
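
An added example, not part of the answer above and not ElastAlert's own code: a preflight check for two of the failures the accepted answer hit one run at a time, requirement distributions that are not installed and an `es_host` that does not resolve. The sample config and requirements text are constructed, the function names are hypothetical, and `importlib.metadata` needs Python 3.8 or later.

```python
import re
import socket
from importlib import metadata  # standard library from Python 3.8

# Constructed sample inputs (not the poster's real files).
SAMPLE_CONFIG = "rules_folder: example_rules\nes_host: nonexistent.invalid\nes_port: 9200\n"
SAMPLE_REQUIREMENTS = "# constructed list\nno-such-dist-elastalert-demo>=2.0.0\n"


def missing_requirements(requirements_text):
    """Names from requirements.txt text with no installed distribution.
    Presence only: version specifiers such as >=2.0.0 are not evaluated."""
    missing = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        name = re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]
        try:
            metadata.version(name)
        except metadata.PackageNotFoundError:
            missing.append(name)
    return missing


def es_host_from_config(config_text):
    """Read es_host from config.yaml text with a regex (no YAML parser needed)."""
    match = re.search(r"^es_host:\s*['\"]?([^\s'\"#]+)", config_text, re.MULTILINE)
    return match.group(1) if match else None


def resolves(host):
    """True if the name resolves through DNS or /etc/hosts."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (OSError, UnicodeError):
        return False


def preflight(config_text, requirements_text):
    """Collect every problem in one pass instead of one traceback per run."""
    problems = ["missing distribution: " + n for n in missing_requirements(requirements_text)]
    host = es_host_from_config(config_text)
    if host is None:
        problems.append("es_host not set in config")
    elif not resolves(host):
        problems.append("es_host does not resolve: " + host)
    return problems


if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_CONFIG, SAMPLE_REQUIREMENTS)) or "preflight ok")
```

To use it on a real install, pass the contents of `config.yaml` and `requirements.txt` to `preflight()` in place of the constructed samples.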


  2. You can try to check if urllib3 is installed by running pip freeze or try to reinstall it with pip install urllib3.

    You may need to correctly activate your environment variable like this: source [env]/bin/activate.

  3. Set up conda environment

    conda create -n elastalert python=3.6 anaconda
    

    Activate conda env

    conda activate elastalert
    

    Install all the requirements

    pip install -r requirements-dev.txt
    pip install -r requirements.txt
    