def ea():
rules = [{'es_host': '',
'es_port': '',
'name': 'anytest',
'index': 'idx',
'filter': [],
'include': ['@timestamp'],
'aggregation': datetime.timedelta(0),
'realert': datetime.timedelta(0),
'processed_hits': {},
'timestamp_field': '@timestamp',
'match_enhancements': []}]
conf = {'rules_folder': 'rules',
'run_every': datetime.timedelta(minutes=10),
'buffer_time': datetime.timedelta(minutes=5),
'alert_time_limit': datetime.timedelta(hours=24),
'es_host': 'es',
'es_port': 14900,
'writeback_index': 'wb',
'rules': rules,
'max_query_size': 100000,
'old_query_limit': datetime.timedelta(weeks=1)}
elasticsearch.client.Elasticsearch = mock_es_client
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
ea = ElastAlerter(['--pin_rules'])
ea.rules[0]['type'] = mock_ruletype()
ea.rules[0]['alert'] = [mock_alert()]
ea.writeback_es = mock_es_client()
ea.writeback_es.search.return_value = {'hits': {'hits': []}}
ea.writeback_es.create.return_value = {'_id': 'ABCD'}
ea.current_es = mock_es_client('', '')
return ea
def ea():
rules = [
{
"es_host": "",
"es_port": "",
"name": "anytest",
"index": "idx",
"filter": [],
"not_filter": [],
"include": ["@timestamp"],
"aggregation": datetime.timedelta(0),
"realert": datetime.timedelta(0),
"processed_hits": {},
"timestamp_field": "@timestamp",
"match_enhancements": [],
"rule_file": "blah.yaml",
"ts_to_dt": ts_to_dt,
"dt_to_ts": dt_to_ts,
"_source_enabled": True,
}
]
conf = {
"rules_folder": "rules",
"run_every": datetime.timedelta(minutes=10),
"buffer_time": datetime.timedelta(minutes=5),
"alert_time_limit": datetime.timedelta(hours=24),
"es_host": "es",
"es_port": 14900,
"writeback_index": "wb",
"rules": rules,
"max_query_size": 100000,
"old_query_limit": datetime.timedelta(weeks=1),
"disable_rules_on_error": False,
}
elasticsearch.client.Elasticsearch = mock_es_client
with mock.patch("elastalert.elastalert.get_rule_hashes"):
with mock.patch("elastalert.elastalert.load_rules") as load_conf:
load_conf.return_value = conf
ea = ElastAlerter(["--pin_rules"])
ea.rules[0]["type"] = mock_ruletype()
ea.rules[0]["alert"] = [mock_alert()]
ea.writeback_es = mock_es_client()
ea.writeback_es.search.return_value = {"hits": {"hits": []}}
ea.writeback_es.create.return_value = {"_id": "ABCD"}
ea.current_es = mock_es_client("", "")
return ea
def ea():
rules = [{
'es_host': '',
'es_port': 14900,
'name': 'anytest',
'index': 'idx',
'filter': [],
'include': ['@timestamp'],
'aggregation': datetime.timedelta(0),
'realert': datetime.timedelta(0),
'processed_hits': {},
'timestamp_field': '@timestamp',
'match_enhancements': [],
'rule_file': 'blah.yaml',
'max_query_size': 10000,
'ts_to_dt': ts_to_dt,
'dt_to_ts': dt_to_ts,
'_source_enabled': True
}]
conf = {
'rules_folder': 'rules',
'run_every': datetime.timedelta(minutes=10),
'buffer_time': datetime.timedelta(minutes=5),
'alert_time_limit': datetime.timedelta(hours=24),
'es_host': 'es',
'es_port': 14900,
'writeback_index': 'wb',
'rules': rules,
'max_query_size': 10000,
'old_query_limit': datetime.timedelta(weeks=1),
'disable_rules_on_error': False,
'scroll_keepalive': '30s'
}
elasticsearch.client.Elasticsearch = mock_es_client
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
ea = ElastAlerter(['--pin_rules'])
ea.rules[0]['type'] = mock_ruletype()
ea.rules[0]['alert'] = [mock_alert()]
ea.writeback_es = mock_es_client()
ea.writeback_es.search.return_value = {'hits': {'hits': []}}
ea.writeback_es.create.return_value = {'_id': 'ABCD'}
ea.current_es = mock_es_client('', '')
return ea
def run_elastalert(self, rule, conf, args):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Load and instantiate rule
load_modules(rule)
conf['rules'] = [rule]
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if args.json:
if not self.data:
return None
try:
self.data.sort(key=lambda x: x[timestamp_field])
starttime = ts_to_dt(self.data[0][timestamp_field])
endtime = self.data[-1][timestamp_field]
endtime = ts_to_dt(endtime) + datetime.timedelta(seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e),
file=sys.stderr)
if args.stop_error:
exit(1)
return None
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join(
[random.choice(string.letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
endtime = ts_now()
starttime = endtime - datetime.timedelta(days=args.days)
# Set run_every to cover the entire time range unless count query, terms query or agg query used
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get(
'use_count_query') and not rule.get(
'aggregation_query_element'):
conf['run_every'] = endtime - starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
if args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if args.json:
self.mock_elastalert(client)
# Mock writeback to return empty results
client.writeback_es = mock.MagicMock()
client.writeback_es.search.return_value = {"hits": {"hits": []}}
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, endtime, starttime)
if mock_writeback.call_count:
print(
"\nWould have written the following documents to writeback index (default is elastalert_status):\n"
)
errors = False
for call in mock_writeback.call_args_list:
print("%s - %s\n" % (call[0][0], call[0][1]))
if call[0][0] == 'elastalert_error':
errors = True
if errors and args.stop_error:
exit(1)
def run_elastalert(self, rule, args):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Mock configuration. Nothing here is used except run_every
conf = {'rules_folder': 'rules',
'run_every': datetime.timedelta(minutes=5),
'buffer_time': datetime.timedelta(minutes=45),
'alert_time_limit': datetime.timedelta(hours=24),
'es_host': 'es',
'es_port': 14900,
'writeback_index': 'wb',
'max_query_size': 100000,
'old_query_limit': datetime.timedelta(weeks=1),
'disable_rules_on_error': False}
# Load and instantiate rule
load_options(rule, conf)
load_modules(rule)
conf['rules'] = [rule]
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if args.json:
if not self.data:
return
try:
self.data.sort(key=lambda x: x[timestamp_field])
starttime = ts_to_dt(self.data[0][timestamp_field])
endtime = self.data[-1][timestamp_field]
endtime = ts_to_dt(endtime) + datetime.timedelta(seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e), file=sys.stderr)
return
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join([random.choice(string.letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
endtime = ts_now()
starttime = endtime - datetime.timedelta(days=args.days)
# Set run_every to cover the entire time range unless use_count_query or use_terms_query is set
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get('use_count_query'):
conf['run_every'] = endtime - starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
if args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if args.json:
self.mock_elastalert(client)
# Mock writeback for both real data and json data
client.writeback_es = None
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, endtime, starttime)
if mock_writeback.call_count:
print("\nWould have written the following documents to elastalert_status:\n")
for call in mock_writeback.call_args_list:
print("%s - %s\n" % (call[0][0], call[0][1]))
def run_elastalert(self, rule, conf):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Load and instantiate rule
# Pass an args containing the context of whether we're alerting or not
# It is needed to prevent unnecessary initialization of unused alerters
load_modules_args = argparse.Namespace()
load_modules_args.debug = not self.args.alert
conf['rules_loader'].load_modules(rule, load_modules_args)
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if self.args.json:
if not self.data:
return None
try:
self.data.sort(key=lambda x: x[timestamp_field])
self.starttime = self.str_to_ts(self.data[0][timestamp_field])
self.endtime = self.str_to_ts(
self.data[-1][timestamp_field]) + datetime.timedelta(
seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e),
file=sys.stderr)
if self.args.stop_error:
exit(4)
return None
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join(
[random.choice(string.ascii_letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
# Updating starttime based on timeframe rule
if "timeframe" in rule:
self.starttime = self.parse_starttime(
timeframe=rule["timeframe"])
# Set run_every to cover the entire time range unless count query, terms query or agg query used
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get(
'use_count_query') and not rule.get(
'aggregation_query_element'):
conf['run_every'] = self.endtime - self.starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch.object(conf['rules_loader'], 'get_hashes'):
with mock.patch.object(conf['rules_loader'], 'load') as load_rules:
load_rules.return_value = [rule]
with mock.patch(
'elastalert.elastalert.load_conf') as load_conf:
load_conf.return_value = conf
if self.args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if self.args.json:
self.mock_elastalert(client)
# Mock writeback to return empty results
client.writeback_es = mock.MagicMock()
client.writeback_es.search.return_value = {"hits": {"hits": []}}
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, self.endtime, self.starttime)
if mock_writeback.call_count:
if self.args.formatted_output:
self.formatted_output['writeback'] = {}
else:
print(
"\nWould have written the following documents to writeback index (default is elastalert_status):\n"
)
errors = False
for call in mock_writeback.call_args_list:
if self.args.formatted_output:
self.formatted_output['writeback'][
call[0][0]] = json.loads(
json.dumps(call[0][1], default=str))
else:
print("%s - %s\n" % (call[0][0], call[0][1]))
if call[0][0] == 'elastalert_error':
errors = True
if errors and self.args.stop_error:
exit(2)
def run_elastalert(self, rule, args):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Mock configuration. Nothing here is used except run_every
conf = {'rules_folder': 'rules',
'run_every': datetime.timedelta(minutes=5),
'buffer_time': datetime.timedelta(minutes=45),
'alert_time_limit': datetime.timedelta(hours=24),
'es_host': 'es',
'es_port': 14900,
'writeback_index': 'wb',
'max_query_size': 10000,
'old_query_limit': datetime.timedelta(weeks=1),
'disable_rules_on_error': False}
# Load and instantiate rule
load_options(rule, conf)
load_modules(rule)
conf['rules'] = [rule]
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if args.json:
if not self.data:
return None
try:
self.data.sort(key=lambda x: x[timestamp_field])
starttime = ts_to_dt(self.data[0][timestamp_field])
endtime = self.data[-1][timestamp_field]
endtime = ts_to_dt(endtime) + datetime.timedelta(seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e), file=sys.stderr)
return None
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join([random.choice(string.letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
endtime = ts_now()
starttime = endtime - datetime.timedelta(days=args.days)
# Set run_every to cover the entire time range unless use_count_query or use_terms_query is set
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get('use_count_query'):
conf['run_every'] = endtime - starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
if args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if args.json:
self.mock_elastalert(client)
# Mock writeback for both real data and json data
client.writeback_es = None
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, endtime, starttime)
if mock_writeback.call_count:
print("\nWould have written the following documents to elastalert_status:\n")
for call in mock_writeback.call_args_list:
print("%s - %s\n" % (call[0][0], call[0][1]))
def run_elastalert(self, rule, conf, args):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Load and instantiate rule
# Pass an args containing the context of whether we're alerting or not
# It is needed to prevent unnecessary initialization of unused alerters
load_modules_args = argparse.Namespace()
load_modules_args.debug = not args.alert
load_modules(rule, load_modules_args)
conf['rules'] = [rule]
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if args.json:
if not self.data:
return None
try:
sorted(self.data, key=lambda x: x[timestamp_field])
starttime = ts_to_dt(self.data[0][timestamp_field])
endtime = self.data[-1][timestamp_field]
endtime = ts_to_dt(endtime) + datetime.timedelta(seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e),
file=sys.stderr)
if args.stop_error:
exit(1)
return None
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join(
[random.choice(string.letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
if args.end:
if args.end == 'NOW':
endtime = ts_now()
else:
try:
endtime = ts_to_dt(args.end)
except (TypeError, ValueError):
self.handle_error(
"%s is not a valid ISO8601 timestamp (YYYY-MM-DDTHH:MM:SS+XX:00)"
% (args.end))
exit(1)
else:
endtime = ts_now()
if args.start:
try:
starttime = ts_to_dt(args.start)
except (TypeError, ValueError):
self.handle_error(
"%s is not a valid ISO8601 timestamp (YYYY-MM-DDTHH:MM:SS+XX:00)"
% (args.start))
exit(1)
else:
# if days given as command line argument
if args.days > 0:
starttime = endtime - datetime.timedelta(days=args.days)
else:
# if timeframe is given in rule
if 'timeframe' in rule:
starttime = endtime - datetime.timedelta(
seconds=rule['timeframe'].total_seconds() * 1.01)
# default is 1 days / 24 hours
else:
starttime = endtime - datetime.timedelta(days=1)
# Set run_every to cover the entire time range unless count query, terms query or agg query used
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get(
'use_count_query') and not rule.get(
'aggregation_query_element'):
conf['run_every'] = endtime - starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
if args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if args.json:
self.mock_elastalert(client)
# Mock writeback to return empty results
client.writeback_es = mock.MagicMock()
client.writeback_es.search.return_value = {"hits": {"hits": []}}
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, endtime, starttime)
if mock_writeback.call_count:
if args.formatted_output:
self.formatted_output['writeback'] = {}
else:
print(
"\nWould have written the following documents to writeback index (default is elastalert_status):\n"
)
errors = False
for call in mock_writeback.call_args_list:
if args.formatted_output:
self.formatted_output['writeback'][
call[0][0]] = json.loads(
json.dumps(call[0][1], default=str))
else:
print("%s - %s\n" % (call[0][0], call[0][1]))
if call[0][0] == 'elastalert_error':
errors = True
if errors and args.stop_error:
exit(1)
def run_elastalert(self, rule, conf, args):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Load and instantiate rule
load_modules(rule)
conf['rules'] = [rule]
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if args.json:
if not self.data:
return None
try:
self.data.sort(key=lambda x: x[timestamp_field])
starttime = ts_to_dt(self.data[0][timestamp_field])
endtime = self.data[-1][timestamp_field]
endtime = ts_to_dt(endtime) + datetime.timedelta(seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e), file=sys.stderr)
return None
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join([random.choice(string.letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
endtime = ts_now()
starttime = endtime - datetime.timedelta(days=args.days)
# Set run_every to cover the entire time range unless count query, terms query or agg query used
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get('use_count_query') and not rule.get('aggregation_query_element'):
conf['run_every'] = endtime - starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
if args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if args.json:
self.mock_elastalert(client)
# Mock writeback to return empty results
client.writeback_es = mock.MagicMock()
client.writeback_es.search.return_value = {"hits": {"hits": []}}
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, endtime, starttime)
if mock_writeback.call_count:
print("\nWould have written the following documents to writeback index (default is elastalert_status):\n")
for call in mock_writeback.call_args_list:
print("%s - %s\n" % (call[0][0], call[0][1]))
def run_elastalert(self, rule, conf, args):
""" Creates an ElastAlert instance and run's over for a specific rule using either real or mock data. """
# Load and instantiate rule
# Pass an args containing the context of whether we're alerting or not
# It is needed to prevent unnecessary initialization of unused alerters
load_modules_args = argparse.Namespace()
load_modules_args.debug = not args.alert
load_modules(rule, load_modules_args)
conf['rules'] = [rule]
# If using mock data, make sure it's sorted and find appropriate time range
timestamp_field = rule.get('timestamp_field', '@timestamp')
if args.json:
if not self.data:
return None
try:
self.data.sort(key=lambda x: x[timestamp_field])
starttime = ts_to_dt(self.data[0][timestamp_field])
endtime = self.data[-1][timestamp_field]
endtime = ts_to_dt(endtime) + datetime.timedelta(seconds=1)
except KeyError as e:
print("All documents must have a timestamp and _id: %s" % (e), file=sys.stderr)
if args.stop_error:
exit(1)
return None
# Create mock _id for documents if it's missing
used_ids = []
def get_id():
_id = ''.join([random.choice(string.letters) for i in range(16)])
if _id in used_ids:
return get_id()
used_ids.append(_id)
return _id
for doc in self.data:
doc.update({'_id': doc.get('_id', get_id())})
else:
if args.end:
if args.end == 'NOW':
endtime = ts_now()
else:
try:
endtime = ts_to_dt(args.end)
except (TypeError, ValueError):
self.handle_error("%s is not a valid ISO8601 timestamp (YYYY-MM-DDTHH:MM:SS+XX:00)" % (args.end))
exit(1)
else:
endtime = ts_now()
if args.start:
try:
starttime = ts_to_dt(args.start)
except (TypeError, ValueError):
self.handle_error("%s is not a valid ISO8601 timestamp (YYYY-MM-DDTHH:MM:SS+XX:00)" % (args.start))
exit(1)
else:
# if days given as command line argument
if args.days > 0:
starttime = endtime - datetime.timedelta(days=args.days)
else:
# if timeframe is given in rule
if 'timeframe' in rule:
starttime = endtime - datetime.timedelta(seconds=rule['timeframe'].total_seconds() * 1.01)
# default is 1 days / 24 hours
else:
starttime = endtime - datetime.timedelta(days=1)
# Set run_every to cover the entire time range unless count query, terms query or agg query used
# This is to prevent query segmenting which unnecessarily slows down tests
if not rule.get('use_terms_query') and not rule.get('use_count_query') and not rule.get('aggregation_query_element'):
conf['run_every'] = endtime - starttime
# Instantiate ElastAlert to use mock config and special rule
with mock.patch('elastalert.elastalert.get_rule_hashes'):
with mock.patch('elastalert.elastalert.load_rules') as load_conf:
load_conf.return_value = conf
if args.alert:
client = ElastAlerter(['--verbose'])
else:
client = ElastAlerter(['--debug'])
# Replace get_hits_* functions to use mock data
if args.json:
self.mock_elastalert(client)
# Mock writeback to return empty results
client.writeback_es = mock.MagicMock()
client.writeback_es.search.return_value = {"hits": {"hits": []}}
with mock.patch.object(client, 'writeback') as mock_writeback:
client.run_rule(rule, endtime, starttime)
if mock_writeback.call_count:
if args.formatted_output:
self.formatted_output['writeback'] = {}
else:
print("\nWould have written the following documents to writeback index (default is elastalert_status):\n")
errors = False
for call in mock_writeback.call_args_list:
if args.formatted_output:
self.formatted_output['writeback'][call[0][0]] = json.loads(json.dumps(call[0][1], default=str))
else:
print("%s - %s\n" % (call[0][0], call[0][1]))
if call[0][0] == 'elastalert_error':
errors = True
if errors and args.stop_error:
exit(1)
