python3运行规则匹配到后不发送告警，0sent?

[acooljj]

python3 -m elastalert.elastalert --verbose --rule ../elastalert_wechat_plugin/es_rules/wechart2.yaml --config ../elastalert_wechat_plugin/config/config.yaml
1 rules loaded
INFO:elastalert:Starting up
INFO:elastalert:Disabled rules are: []
INFO:elastalert:Sleeping for 59.999454 seconds
INFO:elastalert:Queried rule schedulee from 2020-03-09 16:26 CST to 2020-03-09 16:30 CST: 12 / 12 hits
/usr/local/python3.6/lib/python3.6/site-packages/urllib3-1.25.8-py3.6.egg/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made to host 'qyapi.weixin.qq.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning,
ERROR:root:Traceback (most recent call last):
File "/data/elastalert/elastalert/elastalert.py", line 1450, in alert
return self.send_alert(matches, rule, alert_time=alert_time, retried=retried)
File "/data/elastalert/elastalert/elastalert.py", line 1544, in send_alert
alert.alert(matches)
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert-0.2.1-py3.6.egg/elastalert_modules/wechat_qiye_alert.py", line 57, in alert
self.senddata(body)
File "/usr/local/python3.6/lib/python3.6/site-packages/elastalert-0.2.1-py3.6.egg/elastalert_modules/wechat_qiye_alert.py", line 124, in senddata
response = requests.post(send_url, data=json.dumps(payload, ensure_ascii=False), headers=headers,verify=False)
File "/usr/local/python3.6/lib/python3.6/json/init.py", line 238, in dumps
**kw).encode(obj)
File "/usr/local/python3.6/lib/python3.6/json/encoder.py", line 199, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/local/python3.6/lib/python3.6/json/encoder.py", line 257, in iterencode
return _iterencode(o, 0)
File "/usr/local/python3.6/lib/python3.6/json/encoder.py", line 180, in default
o.class.name)
TypeError: Object of type 'bytes' is not JSON serializable

ERROR:root:Uncaught exception running rule schedulee: Object of type 'bytes' is not JSON serializable
INFO:elastalert:Rule schedulee disabled
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ignoring match for silenced rule schedulee
INFO:elastalert:Ran schedulee from 2020-03-09 16:26 CST to 2020-03-09 16:30 CST: 12 query hits (0 already seen), 12 matches, 0 alerts sent

[acooljj]

INFO:elastalert:Ignoring match for silenced rule log_error
INFO:elastalert:Ran log_error from 2020-03-09 16:40 CST to 2020-03-09 16:55 CST: 988 query hits (0 already seen), 988 matches, 0 alerts sent
INFO:elastalert:Background configuration change check run at 2020-03-09 16:55 CST
WARNING:elasticsearch:GET http://172.16.50.43:9200/elastalert_status_status/_search?size=1000 [status:400 request:0.009s]
ERROR:root:Error finding recent pending alerts: RequestError(400, 'search_phase_execution_exception', 'No mapping found for [alert_time] in order to sort on') {'query': {'bool': {'must': {'query_string': {'query': '!exists:aggregate_id AND alert_sent:false'}}, 'filter': {'range': {'alert_time': {'from': '2020-03-08T08:55:48.751438Z', 'to': '2020-03-09T08:55:48.751494Z'}}}}}, 'sort': {'alert_time': {'order': 'asc'}}}
Traceback (most recent call last):
File "/data/elastalert/elastalert/elastalert.py", line 1640, in find_recent_pending_alerts
res = self.writeback_es.search(index=self.writeback_index, body=query, size=1000)
File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/client/utils.py", line 84, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/client/init.py", line 811, in search
"GET", _make_path(index, "_search"), params=params, body=body
File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/connection/http_requests.py", line 91, in perform_request
self._raise_error(response.status_code, raw_data)
File "/usr/local/python3.6/lib/python3.6/site-packages/elasticsearch-7.0.0-py3.6.egg/elasticsearch/connection/base.py", line 131, in _raise_error
raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
elasticsearch.exceptions.RequestError: RequestError(400, 'search_phase_execution_exception', 'No mapping found for [alert_time] in order to sort on')
INFO:elastalert:Background alerts thread 0 pending alerts sent at 2020-03-09 16:55 CST

[acooljj]

在看了前一个问题的解决方法里测试了他修改后的wechart_module.py,发现还是0sent，不知道这是啥情况。

[leqii-com]

@acooljj 解决了吗?我也跟你一样。