FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
premchanderr
Staff
Article Id 314790

 

Description: This article describes how to fix the 'Failed to lookup value type by attribute ID' error in Supervisor and Worker.
Scope: FortiSIEM v7.x Supervisor and Worker.
Solution

The error indicates that a scheduled custom report or rule includes an event attribute incorrectly. Check recently added or modified rules, and remove their filters and conditions to test whether that resolves the issue.

From the backend phoenix.log on the Supervisor or Worker, note down the ID of the event attribute causing the issue:

 

# cat /opt/phoenix/log/phoenix.log | grep -i ph_report

 

Example:

 

phDataManager[7661]: [PH_REPORT_VALUE_TYPE_LOOKUP_BY_ID_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDataManager,[fileName]=EventIndexFile.cpp,[lineNumber]=39,[phLogDetail]=Failed to lookup value type by attribute ID 1005

 

Now check the database to see which event attribute this ID refers to:

 

# psql -U phoenix -d phoenixdb -c "select * from ph_event_attr_type where attr_id=1005;"

 

Example:

 

id | creation_time | cust_org_id | entity_version | last_modified_time | owner_id | attr_id | description | display_name | name | value_type | categories | format_type | deprecated | collector_id | used_by_rbac | sys_defined | mandatory | es_attribute | special_type | anonymize
--------+---------------+-------------+----------------+--------------------+----------+---------+--------------------------------------------------------+--------------+------------+------------+------------+-------------+------------+--------------+--------------+-------------+-----------+--------------+--------------+-----------
935011 | 1694497134527 | 0 | 4 | 1713802467056 | 0 | 1005 | This is the IP of the device of interest in the event. | Host IP | hostIpAddr | 10 | 97890 | | f | | t | | t | ip | IP | t
(1 row)

 

In this sample output, it is the Host IP address. Review the recently added rule or Phoenix log to find the rule/report name and remove the event attribute from filters. 
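
The log check and database lookup above, combined into one script as an added example (not part of the original article or Fortinet tooling): it counts failures per attribute ID and prints a single psql command covering all of them. The function names, the ID 424242 and the sample lines other than the first are constructed; the table and column names are those shown in the article's output.

```shell
#!/bin/sh
# Added example (not Fortinet code): summarise value-type lookup failures
# in a phoenix.log-style file and build the matching database lookup.

# Write a small sample log to $1. The first entry is the one quoted in the
# article; the repeat, the ID 424242 entry and the last line are constructed.
write_sample_log() {
    cat > "$1" <<'EOF'
phDataManager[7661]: [PH_REPORT_VALUE_TYPE_LOOKUP_BY_ID_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDataManager,[fileName]=EventIndexFile.cpp,[lineNumber]=39,[phLogDetail]=Failed to lookup value type by attribute ID 1005
phDataManager[7661]: [PH_REPORT_VALUE_TYPE_LOOKUP_BY_ID_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDataManager,[fileName]=EventIndexFile.cpp,[lineNumber]=39,[phLogDetail]=Failed to lookup value type by attribute ID 1005
phDataManager[7661]: [PH_REPORT_VALUE_TYPE_LOOKUP_BY_ID_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phDataManager,[fileName]=EventIndexFile.cpp,[lineNumber]=39,[phLogDetail]=Failed to lookup value type by attribute ID 424242
phDataManager[7661]: [PH_CONSTRUCTED_UNRELATED_EVENT]:[eventSeverity]=PHL_INFO,[procName]=phDataManager,[phLogDetail]=unrelated line
EOF
}

# Print "count attr_id procName" per distinct failing ID, most frequent first.
failed_attr_ids() {
    grep -F 'PH_REPORT_VALUE_TYPE_LOOKUP_BY_ID_FAILED' "$1" |
    sed -n 's/.*\[procName]=\([^,]*\),.*attribute ID \([0-9][0-9]*\).*/\2 \1/p' |
    sort | uniq -c | sort -k1,1nr -k2,2n |
    awk '{ print $1, $2, $3 }'
}

# Print one psql command covering every failing ID. The sed pattern above
# captures digits only, so log content cannot alter the printed SQL.
lookup_query() {
    ids=$(failed_attr_ids "$1" | awk '{ print $2 }' | sort -nu | paste -sd, -)
    [ -n "$ids" ] || return 1
    printf 'psql -U phoenix -d phoenixdb -c "select attr_id, name, display_name, value_type from ph_event_attr_type where attr_id in (%s);"\n' "$ids"
}

# Run on the log given as $1, or on the constructed sample when none is given.
if [ "$#" -gt 0 ] && [ -r "$1" ]; then
    log=$1
else
    log=$(mktemp) && write_sample_log "$log"
fi
failed_attr_ids "$log"
lookup_query "$log"
```

On a Supervisor or Worker, pass /opt/phoenix/log/phoenix.log as the argument and run the printed psql command to see every attribute involved.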

If errors persist, enable DEBUG for phRuleMaster and analyze the logs:

  1. Enable debug: phtools --change-log phRuleMaster DEBUG
  2. Analyze the backend logs in /opt/phoenix/log/phoenix.log.
  3. Disable debug: phtools --change-log phRuleMaster INFO