Got an error with "TypeError: deprecated_search() got an unexpected keyword argument 'headers'"

[keanliu]

I was trying to have a try with a simple alert, but go an error, searched with goole, without getting any result, the exception stack as following:

[root@elasticsearch ~]# elastalert-test-rule --config config.yaml /root/alert_rules/cpu_too_high.yaml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
Error running your filter:
TypeError("search() got multiple values for argument 'body'",)
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
Traceback (most recent call last):
File "/usr/local/bin/elastalert-test-rule", line 11, in
load_entry_point('elastalert==0.2.1', 'console_scripts', 'elastalert-test-rule')()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 445, in main
test_instance.run_rule_test()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 437, in run_rule_test
self.run_elastalert(rule_yaml, conf, args)
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 318, in run_elastalert
client.run_rule(rule, endtime, starttime)
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 883, in run_rule
if not self.run_query(rule, rule['starttime'], tmp_endtime):
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 630, in run_query
data = self.get_hits_aggregation(rule, start, end, index, rule.get('query_key', None))
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 564, in get_hits_aggregation
body=query, size=0, ignore_unavailable=True)
File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 92, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
TypeError: deprecated_search() got an unexpected keyword argument 'headers'

---

Environment information:

OS version: CentOS Linux release 7.7.1908 (Core)
Elasticsearch version: 7.6.1
Python version: 3.6.8

[lessmian]

The same here with elastalert 0.2.1 and elasticsearch 7.6. Pip freeze:
APScheduler==3.6.3 attrs==19.3.0 aws-requests-auth==0.4.2 blist==1.3.6 boto3==1.12.31 botocore==1.15.31 certifi==2019.11.28 cffi==1.14.0 chardet==3.0.4 configparser==5.0.0 croniter==0.3.31 defusedxml==0.6.0 docopt==0.6.2 docutils==0.15.2 elastalert==0.2.1 elasticsearch==7.6.0 envparse==0.2.0 exotel==0.1.5 future==0.18.2 idna==2.9 importlib-metadata==1.6.0 jira==1.0.14 jmespath==0.9.5 jsonschema==2.6.0 mock==4.0.2 oauthlib==3.1.0 pbr==5.4.4 prison==0.1.3 py-zabbix==1.1.3 pycparser==2.20 PyJWT==1.7.1 pyrsistent==0.16.0 PySocks==1.7.1 PyStaticConfiguration==0.10.4 python-dateutil==2.6.1 python-magic==0.4.15 pytz==2019.3 PyYAML==5.3.1 requests==2.23.0 requests-oauthlib==1.3.0 requests-toolbelt==0.9.1 s3transfer==0.3.3 six==1.14.0 stomp.py==6.0.0 texttable==1.6.2 thehive4py==1.6.0 twilio==6.0.0 tzlocal==2.0.0 urllib3==1.25.8 zipp==3.1.0

[keanliu]

Thanks in advance, is there some input upon how to solve the problem?

[samz-github]

I was trying to have a try with a simple alert, but go an error, searched with goole, without getting any result, the exception stack as following:

[root@elasticsearch ~]# elastalert-test-rule --config config.yaml /root/alert_rules/cpu_too_high.yaml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
Error running your filter:
TypeError("search() got multiple values for argument 'body'",)
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
Traceback (most recent call last):
File "/usr/local/bin/elastalert-test-rule", line 11, in
load_entry_point('elastalert==0.2.1', 'console_scripts', 'elastalert-test-rule')()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 445, in main
test_instance.run_rule_test()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 437, in run_rule_test
self.run_elastalert(rule_yaml, conf, args)
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 318, in run_elastalert
client.run_rule(rule, endtime, starttime)
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 883, in run_rule
if not self.run_query(rule, rule['starttime'], tmp_endtime):
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 630, in run_query
data = self.get_hits_aggregation(rule, start, end, index, rule.get('query_key', None))
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 564, in get_hits_aggregation
body=query, size=0, ignore_unavailable=True)
File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 92, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
TypeError: deprecated_search() got an unexpected keyword argument 'headers'

Environment information:

OS version: CentOS Linux release 7.7.1908 (Core)
Elasticsearch version: 7.6.1
Python version: 3.6.8

I also encounter same issue.

[kvskjava]

Hi Team,

I also got the same error. Couldn't find what's going wrong. Even the example rule in elastalert git folder(example_rules/example_percentage_match.yaml) itself is not working.

Seems there is a bug in elastalert. Please let me know if any one found the problem/solution to proceed further.

[bleizg]

Same error, with the last version of elastalert:

elastalert_error - {'message': "Uncaught exception running rule <removed>: deprecated_search() got an unexpected keyword argument 'headers'", 'traceback':
['Traceback (most recent call last):', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 1440, in alert', '    return self.send_alert(match
es, rule, alert_time=alert_time, retried=retried)', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 1475, in send_alert', '    counts = s
elf.get_top_counts(rule, start, end, keys, qk=qk)', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 1978, in get_top_counts', '    hits_t
erms = self.get_hits_terms(rule, starttime, endtime, index, key, qk, number)', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 517, in ge
t_hits_terms', '    body=query, size=0, ignore_unavailable=True)', '  File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 92, in _wrapped',
 '    return func(*args, params=params, headers=headers, **kwargs)', "TypeError: deprecated_search() got an unexpected keyword argument 'headers'"], 'data': {'rule': '<removed>'}}

[kvskjava]

Has anyone found any previous version which works fine without this error?

Please let me know if anyone finds some way to proceed further. I'm also trying to find out a way to proceed further and will let you know if I find something.

[ThinkMo]

use elasticsearch==7.0.0, elasticsearch==7.6.1 will cause this error!

[kvskjava]

use elasticsearch==7.1.0, elasticsearch==7.6.1 will cause this error!

Hi ThinkMo,

We didn't get you what to use. Earlier I was using elasticsearch-7.6.1, after your comment I've downloaded elasticsearch-7.1.0 and started it.

When I try to check existing example rule by below command:
elastalert-test-rule --config config.yaml example_rules/example_percentage_match.yaml

still I'm getting same error(TypeError: deprecated_search() got an unexpected keyword argument 'headers')

Am I missing anything or doing anything wrong? Please help.

[ThinkMo]

use elasticsearch==7.1.0, elasticsearch==7.6.1 will cause this error!

Hi ThinkMo,

We didn't get you what to use. Earlier I was using elasticsearch-7.6.1, after your comment I've downloaded elasticsearch-7.1.0 and started it.

When I try to check existing example rule by below command:
elastalert-test-rule --config config.yaml example_rules/example_percentage_match.yaml

still I'm getting same error(TypeError: deprecated_search() got an unexpected keyword argument 'headers')

Am I missing anything or doing anything wrong? Please help.

sorry, try this
pip install elasticsearch==7.0.0

i first pip install elasticsearch==7.1.0, same error as you
then pip install elasticsearch==7.0.0, it's ok for me, i forgot update

[perceptron01]

I also got the same error with combination of elastalert==0.2.1 and elasticsearch==7.6.0.

So I version downed python elasticsearch library as below.
pip install elasticsearch==7.5.1

After that, the problem was solved with combination of elastalert==0.2.1 and elasticsearch==7.5.1.

I guess there seems to be something wrong with combination of library elasticsearch==7.6.0 and elastalert.

[kvskjava]

use elasticsearch==7.1.0, elasticsearch==7.6.1 will cause this error!

Hi ThinkMo,
We didn't get you what to use. Earlier I was using elasticsearch-7.6.1, after your comment I've downloaded elasticsearch-7.1.0 and started it.
When I try to check existing example rule by below command:
elastalert-test-rule --config config.yaml example_rules/example_percentage_match.yaml
still I'm getting same error(TypeError: deprecated_search() got an unexpected keyword argument 'headers')
Am I missing anything or doing anything wrong? Please help.

sorry, try this
pip install elasticsearch==7.0.0

i first pip install elasticsearch==7.1.0, same error as you
then pip install elasticsearch==7.0.0, it's ok for me, i forgot update

Hi ThinkMo,

Thank you. After trying with pip install elasticsearch=7.0.0, I didn't get that error after executing rules. Thanks a lot.

Seems there is no link with the elasticsearch server we are running(whether it's 7.6.1 or 7.1.0). Only pip install elasticsearch=7.0.0 has to be installed and it worked.

[kvskjava]

Hi All,

I'm able to proceed further but when I try to use alert type as stomp, it's not working as expected.
Is it something related to our error? I've created a issue for that with #2731
Please let me know if anyone finds anything to proceed further.

[JoshuaSmeda]

Running into the same error. I had some success in manually installing elasticsearch==7.0.0 but the errors still comes through now and then,

[bleizg]

Tried with elasticsearch==7.0.0, I still have some errors.
It seems the elasticsearch==7.5.1 is more stable.

[jfcantu]

It appears that there were some breaking changes in elasticsearch-py in v7.5.0. I wound up here specifically because of the TypeError("search() got multiple values for argument 'body'",) error, which was caused by this change to client.search() in elasticsearch-py:

Old definition: def search(self, index=None, body=None, params=None):
New definition: def search(self, body=None, index=None, doc_type=None, params=None):

This specifically affects test_rule.py in ElastAlert, which passes index to client.search() as a positional rather than a named parameter, and causes Python to think that it's the body parameter and then fail when it encounters the actual body parameter:

elastalert/elastalert/test_rule.py

Line 86 in 4ebdabf

res = es_client.search(index, size=1, body=query, ignore_unavailable=True)

elastalert/elastalert/test_rule.py

Line 156 in 4ebdabf

res = es_client.search(index, size=args.max_query_size, body=query, ignore_unavailable=True)

I'd guess that similar breaking changes were the reason behind the other errors referenced in this issue.

[LazarenkoA]

I'd guess that similar breaking changes were the reason behind the other errors referenced in this issue.

hi so what to do in this case? The repository is not fixed, can send PR?

[StefanSa]

any news on this case ?

[rabiashaikabdulkader]

Has anyone resolved this? I get the same error with the combination of elastalert : 0.2.1 and elastic search 7.5.1

[nsano-rururu]

@jfcantu

Please let me know if you know the situation.
Did anyone make a pull request for the problem with elasticsearch-py v7.5.0 and test_rule.py?
Or are you doing nothing in particular?

[nsano-rururu]

I tried it with elasticsearch-py 7.10.0 and ElastAlert 0.2.4.

The correction method is as follows.

test_rules.py

Line86

res = es_client.search(index, size=1, body=query, ignore_unavailable=True)
↓
res = es_client.search(index=index, size=1, body=query, ignore_unavailable=True)

Line112

res = es_client.count(index, doc_type=doc_type, body=count_query, ignore_unavailable=True)
↓
res = es_client.count(index=index, doc_type=doc_type, body=count_query, ignore_unavailable=True)

Line 156

res = es_client.search(index, size=args.max_query_size, body=query, ignore_unavailable=True)
↓
res = es_client.search(index=index, size=args.max_query_size, body=query, ignore_unavailable=True)

[nsano-rururu]

elasticsearch-py	Test Run	Send real alerts
7.0.0	〇	〇
7.10.0	✖	✖
7.10.0	〇 (fix test_rules.py )	✖
7.10.0	〇 (fix test_rules.py )	〇 (Fix initializing self.thread_data.alerts_sent for running elastalert-test-rule #2991)

When I created a new index, the following warning was output, but it did not affect the operation of Elast Alert. No warning was output in the environment where the index of ElastAlert has already been created.

16:13:49.571Z ERROR elastalert-server:
    ProcessController:  /home/node/.local/lib/python3.8/site-packages/elasticsearch/connection/base.py:190: ElasticsearchDeprecationWarning: Camel case format name dateOptionalTime is deprecated and will be removed in a future version. Use snake case name date_optional_time instead.
      warnings.warn(message, category=ElasticsearchDeprecationWarning)
    /home/node/.local/lib/python3.8/site-packages/elasticsearch/connection/base.py:190: ElasticsearchDeprecationWarning: [types removal] Using include_type_name in put mapping requests is deprecated. The parameter will be removed in the next major version.
      warnings.warn(message, category=ElasticsearchDeprecationWarning)

[ashishkaransingh]

Hello,
Has this been resolved, any workaround?
Only getting this error when using rule type: Percentage Match