json: unsupported type: map[interface {}]interface{}

[esfateev]

Hi!
I've got error "json: unsupported type: map[interface {}]interface{}".

Applied monitor template:

- name: 'Critical vulnerabilities detected'
  enabled: true
  schedule:
      period:
          interval: 8
          unit: HOURS
      cron: null
  inputs:
    - search:
          indices:
            - wazuh-alerts-3.x-*
          query:
              aggregations: {}
              query:
                  bool:
                      adjust_pure_negative: true
                      boost: 1
                      filter:
                        - range:
                              '@timestamp':
                                  boost: 1
                                  format: epoch_millis
                                  from: '{{period_end}}||-1d'
                                  include_lower: true
                                  include_upper: true
                                  to: '{{period_end}}'
                        - term:
                              data.vulnerability.severity:
                                  boost: 1
                                  value: Critical
              size: 0
  triggers:
    - name: Above 10 Critical vurnerabilities detected per 1 hour
      severity: "4"
      condition: ctx.results[0].hits.total.value > 10
      actions:
	- name: Send notification to Opsgenie (Vulnerability issues)
          destinationId: opsgenie_integration:_secops_group
          subject: ""
          message: "{\n \"message\": \"{{ctx.monitor.name}}. Trigger: {{ctx.trigger.name}}.\",
              \n \"description\": \"{{ctx.monitor.name}}. Trigger: {{ctx.trigger.name}}.
              Period start: {{ctx.periodStart}}. Period end: {{ctx.periodEnd}}.\",
              \n \"entity \":\"rtrx_security\",\n \"priority\": \"P{{ctx.trigger.severity}}\",\n
              \"alias\": \"{{ctx.trigger.name}}\"\n}"

Similar problem described here: mattn/anko#264
Could we fix? Might migrate from encoding\json to github.com/json-iterator/go ?

Thanks!
BR, Eugene Fateev

[adam-turner-j]

This also happens when using the sample monitor... is this software in a working state at all?

[mentalburden]

Same exact problem, I even copy pasted existing ymls into the working dir and it throws the same error:

DEBU[0000] Running monitor: simplemon
FATA[0000] Unable to parse monitor correctly: json: unsupported type: map[interface {}]interface {}

Line 59 on https://github.com/mihirsoni/odfe-monitor-cli/blob/master/commands/push.go is where the fatal is being thrown.

[mihirsoni]

@mentalburden Could you provide sample YAML monitor ? You can redact the other details. Believe must be missing some new fields from alerting.

[adam-turner-j]

@mihirsoni The sample monitor in the README does not work.

[emretanriverdi]

Hello,

The same problem occurred to me when I used this by the Releases section, but when I cloned the repo to my local and run it, it was perfectly fine.

I realized Releases is 5 commits behind the master, so I forked it and released a new package up until the latest commit.

Working fine on my end:
https://github.com/emretanriverdi/odfe-monitor-cli

I hope it works for you too!
@esfateev @adam-turner-j @mentalburden