This repository was archived by the owner on Nov 26, 2025. It is now read-only.

Elasticsearch 'include' is deprecated #190

Description

@lucasjkr

I've attempted to integrate 411 with ES6.3, but when I try to test a sample alert, I get no results, and see my Elasticsearch container return this:

elasticsearch | [2018-08-05T22:44:24,606][WARN ][o.e.d.c.ParseField ] Deprecated field [include] used, expected [includes] instead

I replaced include with includes where it appeared in phplib/Filter/Regex.php and phplib/Filter/Expression.php, which seems to let ES accept the request, but it still returns no results.

Incidentally, in Kibana I saw that 411 had created an index called 411_alerts_1, so 411 is communicating with ES somewhat.

Also, when looking at config.php, I couldn't figure out why each ES index has a host key and an index_hosts key, so I deleted the latter, which caused 411 to not recognize that ES was running; that could be a different issue though.

I made the most minor of changes to your Dockerfile; you can see my setup here:

https://github.com/lucasjkr/docker-elk/tree/master/fouroneone
