def writeback(self, doc_type, body):
    """Index ``body`` into the writeback index as a ``doc_type`` document.

    Top-level ``datetime.datetime`` values are converted with ``dt_to_ts``
    and an ``@timestamp`` field is added when the document has none.

    Returns the value of ``self.writeback_es.create(...)`` on success, and
    ``None`` when ``self.debug`` is set, when ``self.writeback_es`` is
    falsy, or when the write raises ``ElasticsearchException``.

    Side effects:
      * When ``self.replace_dots_in_field_names`` is false the caller's
        ``body`` mapping is modified in place (converted datetimes, added
        ``@timestamp``). Whether ``replace_dots_in_field_names`` returns a
        copy is not visible here -- confirm against that helper.
      * After an ``ElasticsearchException`` the client reference is set
        to ``None``, so later calls on this instance return ``None``
        without attempting a write.
    """
    # ES 2.0 - 2.3 does not support dots in field names.
    writeback_body = (
        replace_dots_in_field_names(body)
        if self.replace_dots_in_field_names
        else body
    )

    # Convert any top-level datetime objects to timestamps; nested values
    # are not inspected.
    datetime_fields = [
        field for field in writeback_body.keys()
        if isinstance(writeback_body[field], datetime.datetime)
    ]
    for field in datetime_fields:
        writeback_body[field] = dt_to_ts(writeback_body[field])

    if self.debug:
        # NOTE(review): the complete document is written to the log at INFO
        # level. If writeback bodies can carry matched event data, debug
        # logs should be handled with the same care as the index itself.
        elastalert_logger.info("Skipping writing to ES: %s" % (writeback_body))
        return None

    if '@timestamp' not in writeback_body:
        writeback_body['@timestamp'] = dt_to_ts(ts_now())

    if not self.writeback_es:
        return None

    try:
        return self.writeback_es.create(index=self.writeback_index,
                                        doc_type=doc_type, body=writeback_body)
    except ElasticsearchException as e:
        logging.exception("Error writing alert info to Elasticsearch: %s" % (e))
        # NOTE(review): one failed write disables writeback for every later
        # call on this instance, and those calls return None without any
        # further log line. The message above is therefore the only signal
        # that writeback records have stopped; worth alerting on it.
        self.writeback_es = None