From 734caf2bb55ea9e4c086d6e1bcacf5dbe8710455 Mon Sep 17 00:00:00 2001 From: Feroz Date: Mon, 5 Oct 2020 11:29:50 +0100 Subject: [PATCH] Fix the use of timestamps in the Jira ticket titles This has come about because we currently use records which have timestamps like: ``` "@timestamp": { "min": "2020-10-03T07:05:01.987Z", "max": "2020-10-05T07:05:09.572Z" }, ``` These work fine with the `timestamp_field` set to `@timestamp.min`. However, when we try to create a Jira alert using ElastAlert from these, we run into a Python error: ``` File "/usr/local/lib/python3.6/site-packages/elastalert/alerts.py", line 875, in create_default_title, title += ' - %s' % (pretty_ts(matches[0][self.rule['timestamp_field']], self.rule.get('use_local_time'))), KeyError: '@timestamp.min' ``` This is because matches[0][self.rule['timestamp_field']] attempts to access the `timestamp_field` directly rather than using a `get()`. The proposed fix will not change any existing behaviour, but will skip the addition of a timestamp to the ticket title if the required field doesn't exist, rather than throwing an error and disabling the rule. --- elastalert/alerts.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/elastalert/alerts.py b/elastalert/alerts.py index d3fa7518f..f2f31853f 100644 --- a/elastalert/alerts.py +++ b/elastalert/alerts.py @@ -868,7 +868,9 @@ def create_default_title(self, matches, for_search=False): if for_search: return title - title += ' - %s' % (pretty_ts(matches[0][self.rule['timestamp_field']], self.rule.get('use_local_time'))) + timestamp = matches[0].get(self.rule['timestamp_field']) + if timestamp: + title += ' - %s' % (pretty_ts(timestamp, self.rule.get('use_local_time'))) # Add count for spikes count = matches[0].get('spike_count')