I've attempted to integrate 411 with ES 6.3, but when I try to test a sample alert, I get no results, and see my Elasticsearch container return this:
elasticsearch | [2018-08-05T22:44:24,606][WARN ][o.e.d.c.ParseField ] Deprecated field [include] used, expected [includes] instead
I replaced include with includes where it appeared in phplib/Filter/Regex.php and phplib/Filter/Expression.php, which seems to let ES accept the request, but it still returns no results.
Incidentally, in Kibana I saw that 411 had created an index called 411_alerts_1, so 411 is communicating with ES somewhat.
Also, when looking at config.php, I couldn't figure out why each ES index has a host key and an index_hosts key, so I deleted the latter, which caused 411 to not recognize that ES was running; that could be a different issue though.
I made the most minor of changes to your Dockerfile, you can see my setup here:
https://github.com/lucasjkr/docker-elk/tree/master/fouroneone
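As an added illustration (not code from the 411 project or from this report), the warning quoted above is Elasticsearch 6.x's ParseField deprecation for `_source` filtering, where `include`/`exclude` were renamed to `includes`/`excludes`. The snippet below parses such a warning out of a container log line and applies the rename only inside `_source` objects of a search body, leaving same-named keys elsewhere (for example the `include` option of a `terms` aggregation, which is not deprecated) untouched. The sample query body and log line are constructed here; that the 411 filters place these keys under `_source` is an assumption, not something the report confirms.

```python
import copy
import re

# Constructed sample: the ParseField warning as printed by an ES 6.x container.
SAMPLE_LOG_LINE = (
    "elasticsearch | [2018-08-05T22:44:24,606][WARN ][o.e.d.c.ParseField ] "
    "Deprecated field [include] used, expected [includes] instead"
)

# Constructed sample search body (assumption: the deprecated keys sit under _source).
# The `include` inside the terms aggregation is a different, still-valid option.
SAMPLE_QUERY = {
    "query": {"match_all": {}},
    "_source": {"include": ["host", "message"], "exclude": ["raw"]},
    "aggs": {"by_host": {"terms": {"field": "host", "include": "web.*"}}},
}

DEPRECATED_FIELD_RE = re.compile(
    r"\[WARN \]\[o\.e\.d\.c\.ParseField\s*\] Deprecated field \[(\w+)\] used, "
    r"expected \[(\w+)\] instead"
)


def parse_deprecation_warning(line):
    """Return (deprecated_name, expected_name) from an ES ParseField warning, else None."""
    match = DEPRECATED_FIELD_RE.search(line)
    if not match:
        return None
    return match.group(1), match.group(2)


def rename_source_filter_keys(body, renames):
    """Rename keys inside every `_source` object of a search body.

    `renames` maps a deprecated key to its replacement, e.g. {"include": "includes"}.
    Keys outside `_source` are left alone and the input body is not mutated.
    """
    def walk(node, inside_source):
        if isinstance(node, dict):
            out = {}
            for key, value in node.items():
                new_key = renames.get(key, key) if inside_source else key
                out[new_key] = walk(value, inside_source or key == "_source")
            return out
        if isinstance(node, list):
            return [walk(item, inside_source) for item in node]
        return node

    return walk(copy.deepcopy(body), False)


def fix_query_for_warning(body, log_line):
    """Apply the rename that a single ParseField warning asks for; unchanged if none found."""
    parsed = parse_deprecation_warning(log_line)
    if parsed is None:
        return body
    deprecated, expected = parsed
    return rename_source_filter_keys(body, {deprecated: expected})


if __name__ == "__main__":
    print(parse_deprecation_warning(SAMPLE_LOG_LINE))
    print(fix_query_for_warning(SAMPLE_QUERY, SAMPLE_LOG_LINE))
```

Note that the rename makes ES accept the request but, as the report observes, does not by itself explain an empty hit set; compare the rewritten body against the index contents separately.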