Got an error with "TypeError: deprecated_search() got an unexpected keyword argument 'headers'"

[keanliu]

I was trying to have a try with a simple alert, but go an error, searched with goole, without getting any result, the exception stack as following:

[root@elasticsearch ~]# elastalert-test-rule --config config.yaml /root/alert_rules/cpu_too_high.yaml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
Error running your filter:
TypeError("search() got multiple values for argument 'body'",)
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
Traceback (most recent call last):
File "/usr/local/bin/elastalert-test-rule", line 11, in
load_entry_point('elastalert==0.2.1', 'console_scripts', 'elastalert-test-rule')()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 445, in main
test_instance.run_rule_test()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 437, in run_rule_test
self.run_elastalert(rule_yaml, conf, args)
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 318, in run_elastalert
client.run_rule(rule, endtime, starttime)
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 883, in run_rule
if not self.run_query(rule, rule['starttime'], tmp_endtime):
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 630, in run_query
data = self.get_hits_aggregation(rule, start, end, index, rule.get('query_key', None))
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 564, in get_hits_aggregation
body=query, size=0, ignore_unavailable=True)
File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 92, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
TypeError: deprecated_search() got an unexpected keyword argument 'headers'

---

Environment information:

OS version: CentOS Linux release 7.7.1908 (Core)
Elasticsearch version: 7.6.1
Python version: 3.6.8

[lessmian]

The same here with elastalert 0.2.1 and elasticsearch 7.6. Pip freeze:
APScheduler==3.6.3 attrs==19.3.0 aws-requests-auth==0.4.2 blist==1.3.6 boto3==1.12.31 botocore==1.15.31 certifi==2019.11.28 cffi==1.14.0 chardet==3.0.4 configparser==5.0.0 croniter==0.3.31 defusedxml==0.6.0 docopt==0.6.2 docutils==0.15.2 elastalert==0.2.1 elasticsearch==7.6.0 envparse==0.2.0 exotel==0.1.5 future==0.18.2 idna==2.9 importlib-metadata==1.6.0 jira==1.0.14 jmespath==0.9.5 jsonschema==2.6.0 mock==4.0.2 oauthlib==3.1.0 pbr==5.4.4 prison==0.1.3 py-zabbix==1.1.3 pycparser==2.20 PyJWT==1.7.1 pyrsistent==0.16.0 PySocks==1.7.1 PyStaticConfiguration==0.10.4 python-dateutil==2.6.1 python-magic==0.4.15 pytz==2019.3 PyYAML==5.3.1 requests==2.23.0 requests-oauthlib==1.3.0 requests-toolbelt==0.9.1 s3transfer==0.3.3 six==1.14.0 stomp.py==6.0.0 texttable==1.6.2 thehive4py==1.6.0 twilio==6.0.0 tzlocal==2.0.0 urllib3==1.25.8 zipp==3.1.0

[keanliu]

Thanks in advance, is there some input upon how to solve the problem?

[samz-github]

I was trying to have a try with a simple alert, but go an error, searched with goole, without getting any result, the exception stack as following:

[root@elasticsearch ~]# elastalert-test-rule --config config.yaml /root/alert_rules/cpu_too_high.yaml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
Error running your filter:
TypeError("search() got multiple values for argument 'body'",)
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
Traceback (most recent call last):
File "/usr/local/bin/elastalert-test-rule", line 11, in
load_entry_point('elastalert==0.2.1', 'console_scripts', 'elastalert-test-rule')()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 445, in main
test_instance.run_rule_test()
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 437, in run_rule_test
self.run_elastalert(rule_yaml, conf, args)
File "/usr/local/lib/python3.6/site-packages/elastalert/test_rule.py", line 318, in run_elastalert
client.run_rule(rule, endtime, starttime)
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 883, in run_rule
if not self.run_query(rule, rule['starttime'], tmp_endtime):
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 630, in run_query
data = self.get_hits_aggregation(rule, start, end, index, rule.get('query_key', None))
File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 564, in get_hits_aggregation
body=query, size=0, ignore_unavailable=True)
File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 92, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
TypeError: deprecated_search() got an unexpected keyword argument 'headers'

Environment information:

OS version: CentOS Linux release 7.7.1908 (Core)
Elasticsearch version: 7.6.1
Python version: 3.6.8

I also encounter same issue.

[kvskjava]

Hi Team,

I also got the same error. Couldn't find what's going wrong. Even the example rule in elastalert git folder(example_rules/example_percentage_match.yaml) itself is not working.

Seems there is a bug in elastalert. Please let me know if any one found the problem/solution to proceed further.

[bleizg]

Same error, with the last version of elastalert:

elastalert_error - {'message': "Uncaught exception running rule <removed>: deprecated_search() got an unexpected keyword argument 'headers'", 'traceback':
['Traceback (most recent call last):', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 1440, in alert', '    return self.send_alert(match
es, rule, alert_time=alert_time, retried=retried)', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 1475, in send_alert', '    counts = s
elf.get_top_counts(rule, start, end, keys, qk=qk)', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 1978, in get_top_counts', '    hits_t
erms = self.get_hits_terms(rule, starttime, endtime, index, key, qk, number)', '  File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 517, in ge
t_hits_terms', '    body=query, size=0, ignore_unavailable=True)', '  File "/usr/local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 92, in _wrapped',
 '    return func(*args, params=params, headers=headers, **kwargs)', "TypeError: deprecated_search() got an unexpected keyword argument 'headers'"], 'data': {'rule': '<removed>'}}

[kvskjava]

Has anyone found any previous version which works fine without this error?

Please let me know if anyone finds some way to proceed further. I'm also trying to find out a way to proceed further and will let you know if I find something.

[ThinkMo]

use elasticsearch==7.0.0, elasticsearch==7.6.1 will cause this error!

[kvskjava]

use elasticsearch==7.1.0, elasticsearch==7.6.1 will cause this error!

Hi ThinkMo,

We didn't get you what to use. Earlier I was using elasticsearch-7.6.1, after your comment I've downloaded elasticsearch-7.1.0 and started it.

When I try to check existing example rule by below command:
elastalert-test-rule --config config.yaml example_rules/example_percentage_match.yaml

still I'm getting same error(TypeError: deprecated_search() got an unexpected keyword argument 'headers')

Am I missing anything or doing anything wrong? Please help.

[ThinkMo]

use elasticsearch==7.1.0, elasticsearch==7.6.1 will cause this error!

Hi ThinkMo,

We didn't get you what to use. Earlier I was using elasticsearch-7.6.1, after your comment I've downloaded elasticsearch-7.1.0 and started it.

When I try to check existing example rule by below command:
elastalert-test-rule --config config.yaml example_rules/example_percentage_match.yaml

still I'm getting same error(TypeError: deprecated_search() got an unexpected keyword argument 'headers')

Am I missing anything or doing anything wrong? Please help.

sorry, try this
pip install elasticsearch==7.0.0

i first pip install elasticsearch==7.1.0, same error as you
then pip install elasticsearch==7.0.0, it's ok for me, i forgot update

[perceptron01]

I also got the same error with combination of elastalert==0.2.1 and elasticsearch==7.6.0.

So I version downed python elasticsearch library as below.
pip install elasticsearch==7.5.1

After that, the problem was solved with combination of elastalert==0.2.1 and elasticsearch==7.5.1.

I guess there seems to be something wrong with combination of library elasticsearch==7.6.0 and elastalert.

[kvskjava]

use elasticsearch==7.1.0, elasticsearch==7.6.1 will cause this error!

Hi ThinkMo,
We didn't get you what to use. Earlier I was using elasticsearch-7.6.1, after your comment I've downloaded elasticsearch-7.1.0 and started it.
When I try to check existing example rule by below command:
elastalert-test-rule --config config.yaml example_rules/example_percentage_match.yaml
still I'm getting same error(TypeError: deprecated_search() got an unexpected keyword argument 'headers')
Am I missing anything or doing anything wrong? Please help.

sorry, try this
pip install elasticsearch==7.0.0

i first pip install elasticsearch==7.1.0, same error as you
then pip install elasticsearch==7.0.0, it's ok for me, i forgot update

Hi ThinkMo,

Thank you. After trying with pip install elasticsearch=7.0.0, I didn't get that error after executing rules. Thanks a lot.

Seems there is no link with the elasticsearch server we are running(whether it's 7.6.1 or 7.1.0). Only pip install elasticsearch=7.0.0 has to be installed and it worked.

[kvskjava]

Hi All,

I'm able to proceed further but when I try to use alert type as stomp, it's not working as expected.
Is it something related to our error? I've created a issue for that with #2731
Please let me know if anyone finds anything to proceed further.

[JoshuaSmeda]

Running into the same error. I had some success in manually installing elasticsearch==7.0.0 but the errors still comes through now and then,

[bleizg]

Tried with elasticsearch==7.0.0, I still have some errors.
It seems the elasticsearch==7.5.1 is more stable.