Unable to start elastalert

[MinnMoto]

I am working to use the bitsensor Elastalert for Docker setup. Unfortunately I have to build on a Windows WSL Linux. My corporate RHEL servers don't have a high enough version of Docker to build there, and I can't upgrade them.

I am able to build an image using Dockerfile from pull request #174. This is working great to build. I docker save the image and move it to my RHEL server. Loading the image is fine, but running it I am getting the following error.

Any guidance would be appreciated. I am not too familiar with Python to understand the versioning and packaging.

server:/elk/docker> dc_reup elastalert
No stopped containers
Creating elastalert ... done
Creating elastalert ...
Attaching to elastalert
elastalert |
elastalert | > @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert-server
elastalert | > sh ./scripts/start.sh "sh" "./scripts/start.sh"
elastalert |
: not found | ./scripts/start.sh: line 2:
"lastalert | bunyan: error: unknown output mode: "short
elastalert | events.js:292
elastalert | throw er; // Unhandled 'error' event
elastalert | ^
elastalert |
elastalert | Error: write EPIPE
elastalert | at afterWriteDispatched (internal/stream_base_commons.js:154:25)
elastalert | at writeGeneric (internal/stream_base_commons.js:145:3)
elastalert | at Socket._writeGeneric (net.js:782:11)
elastalert | at Socket._write (net.js:794:8)
elastalert | at writeOrBuffer (_stream_writable.js:352:12)
elastalert | at Socket.Writable.write (_stream_writable.js:303:10)
elastalert | at Logger._emit (/opt/elastalert-server/node_modules/bunyan/lib/bunyan.js:923:22)
elastalert | at Logger.info (/opt/elastalert-server/node_modules/bunyan/lib/bunyan.js:1045:24)
elastalert | at Logger.info (/opt/elastalert-server/src/common/logger/index.js:9:5)
elastalert | at /opt/elastalert-server/src/common/config/server_config.js:115:22
elastalert | Emitted 'error' event on Socket instance at:
elastalert | at emitErrorNT (internal/streams/destroy.js: 100:8)
elastalert | at emitErrorCloseNT (internal/streams/destroy.js:68:3)
elastalert | at processTicksAndRejections (internal/process/task_queues.js:84:21) {
elastalert | errno: -32,
elastalert | code: 'EPIPE',
elastalert | syscall: 'write'
elastalert | }
elastalert | npm ERR! code ELIFECYCLE
elastalert | npm ERR! errno 1
elastalert | npm ERR! @bitsensor/elastalert@3.0.0-beta.0 start: sh ./scripts/start.sh "sh" "./scripts/start.sh"
elastalert | npm ERR! Exit status 1
elastalert | npm ERR!
elastalert | npm ERR! Failed at the @bitsensor/elastalert@3.0.0-beta.0 start script.
elastalert | npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
elastalert exited with code 1

My Dockerfile is below.

FROM alpine:3.11 as py-ea
ARG ELASTALERT_VERSION=v0.2.4
ENV ELASTALERT_VERSION=${ELASTALERT_VERSION}
# URL from which to download Elastalert.
ARG ELASTALERT_URL=https://github.com/Yelp/elastalert/archive/$ELASTALERT_VERSION.zip
ENV ELASTALERT_URL=${ELASTALERT_URL}
# Elastalert home directory full path.
ENV ELASTALERT_HOME /opt/elastalert

WORKDIR /opt

RUN apk add --update --no-cache ca-certificates openssl-dev openssl python3-dev python3 py3-pip py3-yaml libffi-dev gcc musl-dev wget && \
# Download and unpack Elastalert.
    wget -O elastalert.zip "${ELASTALERT_URL}" && \
    unzip elastalert.zip && \
    rm elastalert.zip && \
    mv e* "${ELASTALERT_HOME}"

WORKDIR "${ELASTALERT_HOME}"

# Install Elastalert.
RUN python3 setup.py install

FROM node:14-alpine
LABEL maintainer="BitSensor <dev@bitsensor.io>"
# Set timezone for this container
ENV TZ Etc/UTC

RUN apk add --update --no-cache curl tzdata python3 make libmagic && \
    ln -s /usr/bin/python3 /usr/bin/python

COPY --from=py-ea /usr/lib/python3.8/site-packages /usr/lib/python3.8/site-packages
COPY --from=py-ea /opt/elastalert /opt/elastalert
COPY --from=py-ea /usr/bin/elastalert* /usr/bin/

WORKDIR /opt/elastalert-server
COPY . /opt/elastalert-server

RUN npm install --production --quiet
COPY config/elastalert.yaml /opt/elastalert/config.yaml
COPY config/elastalert-test.yaml /opt/elastalert/config-test.yaml
COPY config/config.json config/config.json
COPY rule_templates/ /opt/elastalert/rule_templates
COPY elastalert_modules/ /opt/elastalert/elastalert_modules

# Add default rules directory
# Set permission as unpriviledged user (1000:1000), compatible with Kubernetes
RUN mkdir -p /opt/elastalert/rules/ /opt/elastalert/server_data/tests/ \
    && chown -R node:node /opt

USER node

EXPOSE 3030
ENTRYPOINT ["npm", "start"]

[nsano-rururu]

・Does docker save mean "docker save" command?

・What are Elasticsearch and Kibana version

・Are you aware that it worked properly in the Windows WSL Linux environment?

・What is the folder structure used by Elasticsearch, Kibana and ElastAlert docker on Windows WSL Linux and RHEL server? .. Is there any difference?

Answer example)

/home/user/docker-wk
|--docker-compose.yml
|--Dockerfiles
|  |--Dockerfile-elastalert
|
|--es
|  |--config
|  |  |--elasticsearch.yml
|  |--data
|
|--kibana
|  |--config
|  |  |--kibana.yml
|
|--elastalert
|  |--bin
|  |  |--elastalert-start.sh
|  |  |--elastic_search_status.sh
|  |--config
|  |  |--config.json
|  |  |--elastalert-test.yaml
|  |  |--elastalert.yaml
|  |--rule_templates
|  |--rules

docker-compose.yml

version: "3.7"
services:
  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      - ES_JAVA_OPTS=-Xms256m -Xmx256m
      - discovery.type=single-node
    restart: always
    volumes:
      - ./es/data:/usr/share/elasticsearch/data
      - ./es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    healthcheck:
        test: ["CMD-SHELL", "curl -f http://localhost:9200 || exit 1"]
        interval: 30s
        timeout: 15s
        retries: 3
        start_period: 180s

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:7.8.0
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch
    restart: always
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
    healthcheck:
        test: ["CMD-SHELL", "curl -f http://localhost:5601/api/status || exit 1"]
        interval: 30s
        timeout: 15s
        retries: 3
        start_period: 200s

  elastalert:
    container_name: elastalert
    build:
      context: .
      dockerfile: Dockerfiles/Dockerfile-elastalert
    image: elastalert:3.0.0-beta.0
    ports:
      - 3030:3030
      - 3333:3333
    depends_on:
      - elasticsearch
      - kibana
    restart: always
    volumes:
      - ./elastalert/config/elastalert.yaml:/opt/elastalert/config.yaml
      - ./elastalert/config/elastalert-test.yaml:/opt/elastalert/config-test.yaml
      - ./elastalert/config/config.json:/opt/elastalert-server/config/config.json
      - ./elastalert/rules:/opt/elastalert/rules
      - ./elastalert/rule_templates:/opt/elastalert/rule_templates
    healthcheck:
        test: ["CMD-SHELL", "curl -f http://localhost:3030 || exit 1"]
        interval: 30s
        timeout: 15s
        retries: 3
        start_period: 200s

kibana/config/kibana.yml

server.name: kibana
server.host: "0"
elasticsearch.hosts: http://elasticsearch:9200
xpack.monitoring.ui.container.elasticsearch.enabled: true

es/config/elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1

Dockerfiles/Dockerfile-elastalert

FROM bitsensor/elastalert:3.0.0-beta.0

USER root

RUN apk update && \
    apk add bash curl && \
    rm -rf /var/cache/apk/*

ADD elastalert/bin/elastalert-start.sh /usr/local/bin/
ADD elastalert/bin/elastic_search_status.sh /usr/local/bin/

RUN chmod +x /usr/local/bin/elastalert-start.sh & \
    chmod +x /usr/local/bin/elastic_search_status.sh

USER node

ENTRYPOINT ["/usr/local/bin/elastalert-start.sh"]

elastalert/bin/elastic_search_status.sh

#!/bin/bash

set -e

if [ $# -gt 0 ]; then
  ES_URL="$1"
elif [[ -n $ELASTICSEARCH_URL ]]; then
  ES_URL="$ELASTICSEARCH_URL"
elif [[ -n $ES_HOST ]] && [[ -n $ES_PORT ]]; then
  ES_URL="http://$ES_HOST:$ES_PORT"
else
  ES_URL="http://elasticsearch:9200"
fi

until [[ "$(curl -fsSL "$ES_URL/_cat/health?h=status" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" =~ ^(yellow|green)$ ]]; do
  # printf '+' >&2
  sleep 1
done

echo "Elasticsearch is up and healthy at "$ES_URL"" >&2

elastalert/bin/elastalert-start.sh

#!/bin/bash

set -e

echo "Giving Elasticsearch at $ELASTICSEARCH_URL time to start..."

elastic_search_status.sh

echo "Starting ElastAlert!"
npm start

elastalert/config/config.json

{
  "appName": "elastalert-server",
  "port": 3030,
  "wsport": 3333,
  "elastalertPath": "/opt/elastalert",
  "verbose": false,
  "es_debug": false,
  "debug": false,
  "rulesPath": {
    "relative": true,
    "path": "/rules"
  },
  "templatesPath": {
    "relative": true,
    "path": "/rule_templates"
  },
  "es_host": "elasticsearch",
  "es_port": 9200,
  "writeback_index": "elastalert_status"
}

elastalert/config/elastalert-test.yml

# NOTE: This config is used when testing a rule

# The elasticsearch hostname for metadata writeback
# Note that every rule can have its own elasticsearch host
es_host: elasticsearch

# The elasticsearch port
es_port: 9200

# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: rules

# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  seconds: 5

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 1

# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch

# Connect with TLS to elasticsearch
#use_ssl: True

# Verify TLS certificates
#verify_certs: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Option basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2

elastalert/config/elastalert.yml

# The elasticsearch hostname for metadata writeback
# Note that every rule can have its own elasticsearch host
es_host: elasticsearch

# The elasticsearch port
es_port: 9200

# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: rules

# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  seconds: 5

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 1

# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch

# Connect with TLS to elasticsearch
#use_ssl: True

# Verify TLS certificates
#verify_certs: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Option basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2

chmod 777 es/data
chmod 777 elastalert/rules
chmod 777 elastalert/rule_templates

[MinnMoto]

@nsano-rururu You have given me much to consider here. Let me see what I can do.

1. Yes, docker save is how I am exporting the image to move it to my RHEL server.
2. I don't have Kibana or Elasticsearch installed on my WSL environment since that isn't my target. On my RHEL server, I have Kibana and Elsaticsearch 7.6.2 running in Docker. I am hoping to have Elasticsearch on the same bridge network.

My Elastalert install in WSL gives an eniterly different error: 500. There might be more there for me to pour through though.

Thank you. I'll look at the files you recommend and try that.

[nsano-rururu]

ElastAlert manages ElastAlert execution history and delta information with Elasticsearch index.
The ElastAlert index created in Elasticsearch is as follows.

elastalert_status_error
https://elastalert.readthedocs.io/en/latest/elastalert_status.html#elastalert-error
elastalert_status_status
https://elastalert.readthedocs.io/en/latest/elastalert_status.html#elastalert-status
elastalert_status
https://elastalert.readthedocs.io/en/latest/elastalert_status.html#elastalert
elastalert_status_silence
https://elastalert.readthedocs.io/en/latest/elastalert_status.html#silence
elastalert_status_past

[nsano-rururu]

The main ElastAlert docker images are as follows.
bitsensor/elastalert:2.0.1 and bitsensor/elastalert:latest use a version of ElastAlert that doesn't work with Elasticsearch 7.x.
Please be careful.

Docker image name	tag	ElastAlert	Remarks
bitsensor/elastalert	2.0.1	0.1.39	Problem with Elastcserach 7.x
bitsensor/elastalert	lastet	0.1.39	Problem with Elastcserach 7.x
bitsensor/elastalert	3.0.0-beta.0	0.2.0b2
bitsensor/elastalert	3.0.0-beta.1	0.2.0b2
servercentral/elastalert	latest	0.2.1
daichi703n/elastalert	0.2.1-dev2	0.2.1
johnsusek/elastalert-server	1592081541	0.2.4	Library update Babel 6 → 7 bug fix

[MinnMoto]

@nsano-rururu Thank you. I am trying to build a more current version of Elastalert (7.x compatible) to use in a new Docker image, based on bitsensor's build. Still running in to issues though. I appreciate your feedback.

[nsano-rururu]

If the issue is still occurring, please tell me the command you ran and the error message

[mpokale]

・What are Elasticsearch and Kibana version

Hi
I created a docker image following instructions above.
This is what my Dockerfile looks like

FROM bitsensor/elastalert:3.0.0-beta.1

USER root

RUN apk update && \
    apk add bash curl && \
    rm -rf /var/cache/apk/*

ADD elastalert-start.sh /usr/local/bin/
ADD elastic_search_status.sh /usr/local/bin/

ADD elastalert_config.yml /opt/elastalert/config.yaml
ADD config.json /opt/elastalert-server/config/config.json

RUN chmod +x /usr/local/bin/elastalert-start.sh & \
    chmod +x /usr/local/bin/elastic_search_status.sh

USER node

ENTRYPOINT ["/usr/local/bin/elastalert-start.sh"]

Elastalert is not able to create an index . These are the errors I see when

 ERROR elastalert-server: ProcessController:  Index create exited with code null
WARN elastalert-server: ProcessController:  ElastAlert will start but might not be able to save its data!

ERROR elastalert-server: ProcessController:  ElastAlert error: Error: spawn python ENOENT

[mpokale]

Not sure what I am missing. Any help would be appreciated.

[nsano-rururu]

@mpokale

There was an unnecessary description in elastalert/bin/elastalert-start.sh due to an edit error when posting.
I'm sorry. Please delete the last "es/config/elasticsearch.yml"
The following is the modified file.

elastalert/bin/elastalert-start.sh

#!/bin/bash

set -e

echo "Giving Elasticsearch at $ELASTICSEARCH_URL time to start..."

elastic_search_status.sh

echo "Starting ElastAlert!"
npm start

$ docker-compose up -d

Creating network "docker-wk2_default" with the default driver
Building elastalert
Step 1/8 : FROM bitsensor/elastalert:3.0.0-beta.1
3.0.0-beta.1: Pulling from bitsensor/elastalert
e7c96db7181b: Pull complete
a2b3c20ed471: Pull complete
240c8d07e1ef: Pull complete
21738480b7ba: Pull complete
286cffb73e5d: Pull complete
24811aea01f9: Pull complete
d995c5ef50ca: Pull complete
15dd9dd8a384: Pull complete
ab7e44ebeb95: Pull complete
5ab0c670062c: Pull complete
7729b112a0a4: Pull complete
fbd177108eb1: Pull complete
9c872644fed2: Pull complete
aaa0086e5505: Pull complete
8904b357be3b: Pull complete
7659d5a04b51: Pull complete
705120238ab4: Pull complete
Digest: sha256:6e0717867d173123752565da458f09cf8c83f52596e7b6a360fc5fe1f20d85de
Status: Downloaded newer image for bitsensor/elastalert:3.0.0-beta.1
 ---> e4cff875f215
Step 2/8 : USER root
 ---> Running in 132d9f5f7a60
Removing intermediate container 132d9f5f7a60
 ---> d46066e824b0
Step 3/8 : RUN apk update &&     apk add bash curl &&     rm -rf /var/cache/apk/*
 ---> Running in 14edd6dbb9e0
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
v3.9.6-41-gfb13b1c2d8 [http://dl-cdn.alpinelinux.org/alpine/v3.9/main]
v3.9.6-37-g4a8b4cfd7e [http://dl-cdn.alpinelinux.org/alpine/v3.9/community]
OK: 9789 distinct packages available
(1/1) Installing bash (4.4.19-r1)
Executing bash-4.4.19-r1.post-install
Executing busybox-1.29.3-r10.trigger
OK: 66 MiB in 35 packages
Removing intermediate container 14edd6dbb9e0
 ---> 3e8bb3d771cd
Step 4/8 : ADD elastalert/bin/elastalert-start.sh /usr/local/bin/
 ---> d04fb0e6ef40
Step 5/8 : ADD elastalert/bin/elastic_search_status.sh /usr/local/bin/
 ---> 8bf7baa62049
Step 6/8 : RUN chmod +x /usr/local/bin/elastalert-start.sh &     chmod +x /usr/local/bin/elastic_search_status.sh
 ---> Running in 5235a6687e17
Removing intermediate container 5235a6687e17
 ---> 58dd6229d4b5
Step 7/8 : USER node
 ---> Running in c3e0e94fd109
Removing intermediate container c3e0e94fd109
 ---> 05ca6e3ba13c
Step 8/8 : ENTRYPOINT ["/usr/local/bin/elastalert-start.sh"]
 ---> Running in c998f78daa49
Removing intermediate container c998f78daa49
 ---> 9c4a3c4553c6

Successfully built 9c4a3c4553c6
Successfully tagged elastalert:3.0.0-beta.1
WARNING: Image for service elastalert was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating elasticsearch ... done
Creating kibana        ... done
Creating elastalert    ... done

$ docker logs -f elastalert

Giving Elasticsearch at  time to start...
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
curl: (7) Failed to connect to elasticsearch port 9200: Connection refused
Elasticsearch is up and healthy at http://elasticsearch:9200
Starting ElastAlert!

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert-server
> sh ./scripts/start.sh

23:06:17.139Z  INFO elastalert-server: Config:  No config.dev.json file was found in /opt/elastalert-server/config/config.dev.json.
23:06:17.141Z  INFO elastalert-server: Config:  Proceeding to look for normal config file.
23:06:17.173Z  INFO elastalert-server: Config:  A config file was found in /opt/elastalert-server/config/config.json. Using that config.
23:06:17.199Z  INFO elastalert-server: Router:  Listening for GET request on /.
23:06:17.200Z  INFO elastalert-server: Router:  Listening for GET request on /status.
23:06:17.200Z  INFO elastalert-server: Router:  Listening for GET request on /status/control/:action.
23:06:17.201Z  INFO elastalert-server: Router:  Listening for GET request on /status/errors.
23:06:17.201Z  INFO elastalert-server: Router:  Listening for GET request on /rules.
23:06:17.204Z  INFO elastalert-server: Router:  Listening for GET request on /rules/:id.
23:06:17.223Z  INFO elastalert-server: Router:  Listening for POST request on /rules/:id.
23:06:17.227Z  INFO elastalert-server: Router:  Listening for DELETE request on /rules/:id.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for GET request on /templates.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for GET request on /templates/:id.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for POST request on /templates/:id.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for DELETE request on /templates/:id.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for POST request on /test.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for GET request on /config.
23:06:17.228Z  INFO elastalert-server: Router:  Listening for POST request on /config.
23:06:17.229Z  INFO elastalert-server: Router:  Listening for POST request on /download.
23:06:17.229Z  INFO elastalert-server: Router:  Listening for GET request on /metadata/:type.
23:06:17.229Z  INFO elastalert-server: Router:  Listening for GET request on /mapping/:index.
23:06:17.229Z  INFO elastalert-server: Router:  Listening for POST request on /search/:index.
23:06:17.241Z  INFO elastalert-server: ProcessController:  Starting ElastAlert
23:06:17.242Z  INFO elastalert-server: ProcessController:  Creating index
23:06:23.319Z  INFO elastalert-server:
    ProcessController:  Elastic Version: 7.8.0
    Reading Elastic 6 index mappings:
    Reading index mapping 'es_mappings/6/silence.json'
    Reading index mapping 'es_mappings/6/elastalert_status.json'
    Reading index mapping 'es_mappings/6/elastalert.json'
    Reading index mapping 'es_mappings/6/past_elastalert.json'
    Reading index mapping 'es_mappings/6/elastalert_error.json'
    New index elastalert_status created
    Done!
    
23:06:23.319Z  INFO elastalert-server: ProcessController:  Index create exited with code 0
23:06:23.319Z  INFO elastalert-server: ProcessController:  Starting elastalert with arguments [none]
23:06:23.332Z  INFO elastalert-server: ProcessController:  Started Elastalert (PID: 220)
23:06:23.335Z  INFO elastalert-server: Server:  Server listening on port 3030
23:06:23.338Z  INFO elastalert-server: Server:  Websocket listening on port 3333
23:06:23.339Z  INFO elastalert-server: Server:  Server started
23:06:37.411Z  INFO elastalert-server: Routes:  Successfully handled GET request for '/'.
23:07:07.699Z  INFO elastalert-server: Routes:  Successfully handled GET request for '/'.
23:07:37.958Z  INFO elastalert-server: Routes:  Successfully handled GET request for '/'.

$ docker ps

CONTAINER ID        IMAGE                                                 COMMAND                  CREATED             STATUS                   PORTS                                            NAMES
54587da0acdd        elastalert:3.0.0-beta.1                               "/usr/local/bin/elas…"   2 minutes ago       Up 2 minutes (healthy)   0.0.0.0:3030->3030/tcp, 0.0.0.0:3333->3333/tcp   elastalert
f4d3f2cfb606        docker.elastic.co/kibana/kibana:7.8.0                 "/usr/local/bin/dumb…"   2 minutes ago       Up 2 minutes (healthy)   0.0.0.0:5601->5601/tcp                           kibana
11209db1d6f4        docker.elastic.co/elasticsearch/elasticsearch:7.8.0   "/tini -- /usr/local…"   2 minutes ago       Up 2 minutes (healthy)   0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp   elasticsearch

[MinnMoto]

Thank you. I already commented that out thinking it was something custom you were doing. Cheers! Dan

…

On Fri, Jun 26, 2020, 6:35 PM Naoyuki Sano ***@***.***> wrote: @mpokale <https://github.com/mpokale> There was an unnecessary description in elastalert/bin/elastalert-start.sh due to an edit error when posting. I'm sorry. Please delete the last "es/config/elasticsearch.yml" The following is the modified file. elastalert/bin/elastalert-start.sh #!/bin/bash set -e echo "Giving Elasticsearch at $ELASTICSEARCH_URL time to start..." elastic_search_status.sh echo "Starting ElastAlert!" npm start — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#176 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACTR2PVV56VBS26LHBV3HA3RYUWEBANCNFSM4OFDC4TQ> .

[nsano-rururu]

No more information from me. Do your best afterwards

[MinnMoto]

You've been very helpful. Thank you. Cheers! Dan

…

On Fri, Jun 26, 2020, 10:05 PM Naoyuki Sano ***@***.***> wrote: No more information from me. Do your best afterwards — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#176 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACTR2PSYKDHYFV4HD2Z7DJTRYVOZHANCNFSM4OFDC4TQ> .

[mpokale]

@nsano-rururu Thank you!