HI,
I want to create new threshold alert and alert should send via slack. I have configured my slack webhook URL on elasticsearch.yml. when i try to send sample i'm below error,
watcher:failed to send sample slack message to user
Thanks for your reply
when i run the below command i got this response,
curl -XPOST "http://localhost:9200/_xpack/watcher/watch/55dffc80-aae3-41e0-a555-08cec8aab1a5/_execute"
{"_id":"55dffc80-aae3-41e0-a555-08cec8aab1a5_7f50223d-e204-4eb2-8210-beaab5f6e210-2018-10-16T11:29:02.139Z","watch_record":{"watch_id":"55dffc80-aae3-41e0-a555-08cec8aab1a5","node":"XIqSqBYTQQWQC1lBbTWepw","state":"executed","status":{"state":{"active":true,"timestamp":"2018-10-16T11:28:05.092Z"},"last_checked":"2018-10-16T11:29:02.139Z","last_met_condition":"2018-10-16T11:29:02.139Z","actions":{"slack_1":{"ack":{"timestamp":"2018-10-16T11:28:05.092Z","state":"awaits_successful_execution"},"last_execution":{"timestamp":"2018-10-16T11:29:02.139Z","successful":false,"reason":""}}},"execution_state":"executed","version":1},"trigger_event":{"type":"manual","triggered_time":"2018-10-16T11:29:02.139Z","manual":{"schedule":{"scheduled_time":"2018-10-16T11:29:02.139Z"}}},"input":{"search":{"request":{"search_type":"query_then_fetch","indices":["lomo-nemo-report-*"],"types":[],"body":{"size":0,"query":{"bool":{"filter":{"range":{"@timestamp":{"gte":"{{ctx.trigger.scheduled_time}}||-5m","lte":"{{ctx.trigger.scheduled_time}}","format":"strict_date_optional_time||epoch_millis"}}}}}}}}},"condition":{"script":{"source":"if (ctx.payload.hits.total > params.threshold) { return true; } return false;","lang":"painless","params":{"threshold":4}}},"metadata":{"name":"testing","watcherui":{"trigger_interval_unit":"m","agg_type":"count","time_field":"@timestamp","trigger_interval_size":1,"term_size":5,"time_window_unit":"m","threshold_comparator":">","term_field":null,"index":["lomo-nemo-report-*"],"time_window_size":5,"threshold":4,"agg_field":null},"xpack":{"type":"threshold"}},"result":{"execution_time":"2018-10-16T11:29:02.139Z","execution_duration":27,"input":{"type":"search","status":"success","payload":{"_shards":{"total":30,"failed":0,"successful":30,"skipped":0},"hits":{"hits":[],"total":21,"max_score":0.0},"took":4,"timed_out":false},"search":{"request":{"search_type":"query_then_fetch","indices":["lomo-nemo-report-*"],"types":[],"body":{"size":0,"query":{"bool":{"filter":{"range":{"@timestamp":{"gte":"2018-10-16T11:29:02.139Z||-5m","lte":"2018-10-16T11:29:02.139Z","format":"strict_date_optional_time||epoch_millis"}}}}}}}}},"condition":{"type":"script","status":"success","met":true},"transform":{"type":"script","status":"success","payload":{"result":21}},"actions":[{"id":"slack_1","type":"slack","status":"failure","slack":{"account":"monitoring","sent_messages":[{"status":"failure","error":{"root_cause":[{"type":"unknown_host_exception","reason":"hooks.slack.com: Name or service not known"}],"type":"unknown_host_exception","reason":"hooks.slack.com: Name or service not known"},"to":"Ganesh Elangovan","message":{"from":"Watcher","text":"Watch [testing] has exceeded the threshold"}}]}}]},"messages":[]}}
Check out this snippet:
This means, that somehow the system the watch is being executed on, cannot resolve hooks.slack.com via its DNS configuration. Could you verify that?
--Alex
logging into the system and using nslookup or host and try to resolve that slack hostname.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.