Advanced Watch

Kumar_Abhinav · July 20, 2023, 8:25pm

Hi,
I am using ELK in Supply Chain Traceability Company.

1 -- I wanted to create a Watcher to send "Alerts" from Kibana for the inventory items and it should be continuous alerts through email notification. Suppose an item has an expiry date of July 30th so on July 1st, the first email should pop out from the system, then a second on July 15th, another on July 22nd, and from July 23rd, continuous email(every day) mail should be sent to the clients.

2 -- I also want to put a watcher on the inventory count limit. Suppose it goes beyond a threshold limit, an alert from the system should pop out.

Can you please guide me that how to integrate in kibana also can it be done through the "Alerts" or through the "Watcher"

Kumar_Abhinav · August 3, 2023, 8:22pm

Can any one reply to this query

Andrew_Tate · August 3, 2023, 9:59pm

@Kumar_Abhinav have you looked at the watcher docs? It seems like the examples there are very similar to your use cases, including sending alerts via email.

Kumar_Abhinav · August 14, 2023, 7:33pm

Hi @Andrew_Tate. I looked into the Watcher docs and found some ways to configure the email setting in the kibana.yml file. However I did not find any such setting space in that file and when I created the same on my own, my kibana stopped working. FYI - I used this setting xpack.actions.email.smtp.host: xxx.xxx.xxx.xx
xpack.actions.email.smtp.port: 25
xpack.actions.email.smtp.secure: False
xpack.actions.email.smtp.username: xxx_xxx-xxxx-xxxx2@xxx.net
xpack.actions.email.smtp.password: xxx_1234

Please guide me on this again. I will be very grateful to you for this.

Thanks

Abhinav

Kumar_Abhinav · August 17, 2023, 9:07pm

Request Someone to give some guidance on this

Kumar_Abhinav · August 21, 2023, 6:30am

Hi @Andrew_Tate . Request you guide me on this.

Andrew_Tate · September 5, 2023, 4:30pm

Hi @Kumar_Abhinav

I'm curious what directions you were following when you started adding settings to the kibana.yml config file.

As far as I can see in the doc here, you don't need to change anything in kibana.yml. However, as it mentions there, you do need to configure an email account in Elasticsearch.

Does that help?

Kumar_Abhinav · September 5, 2023, 9:30pm

Hi @Andrew_Tate Thanks for the message. After posting the message in the Community, I made these changes in the Elastic.yml file -- xpack.notification.email.account:
outlook_account:
profile: outlook
smtp:
auth: true
starttls.enable: true
host: smtp-mail.outlook.com
port: 587
user: <email.address>

In the User Name - I gave my personal email ID for trial purposes. I got this as an error message - 2023-08-23T06:32:59,971][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [nhra-prod2-es-kibana] failed to execute action [dcd9bba3-a4ad-4932-9c8a-560dcabf1248/email_1]
javax.mail.MessagingException: failed to send email with subject [Watch [Expiry] has exceeded the threshold] via account [outlook_account]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:278) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:238) ~[?:?]
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:92) ~[?:?]
at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:175) ~[?:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:560) ~[?:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:342) ~[?:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.lambda$executeAsync$6(ExecutionService.java:440) ~[?:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:666) ~[?:?]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:850) ~[elasticsearch-8.6.2.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[?:?]
at java.lang.Thread.run(Thread.java:1589) ~[?:?]
Caused by: com.sun.mail.smtp.SMTPSendFailedException: 554 5.2.252 SendAsDenied; writetokumarabhinav@hotmail.com not allowed to send as elasticsearch@nhra-prod2-es-kibana; STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Cannot submit message. 0.35250:1F004D84, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:767C0000, 1.36674:0E000000, 1.61250:00000000, 1.45378:7B7C0000, 1.44866:08010000, 16.55847:910F0000, 17.43559:0000000024020000000000000000000000000000, 20.52176:140F2B9A1A0010100D000000, 20.50032:140F2B9A8A17001007000000, 0.53414:F1030000, 0.35180:00000000, 255.23226:1F004D84, 255.27962:0A000000, 255.27962:0E000000, 255.31418:6E930000, 0.35250:FF7F0000, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:62000000, 1.36674:32000000, 1.61250:00000000, 1.45378:67000000, 1.44866:01000000, 16.55847:DD000000, 17.43559:00000000B8030000000000000000000000000000, 20.52176:140F2B9A1A004010F1030000, 20.50032:140F2B9A8A1770201F004D84, 0.53414:31000000, 0.35180:EC790000, 255.23226:D3920000, 255.27962:0A000000, 255.27962:32000000, 255.17082:DC040000, 0.27745:3B000000, 4.21921:DC040000, 255.27962:FA000000, 255.1494:40000000, 0.38698:05000780, 1.41134:46000000, 0.37692:86000000, 0.37948:86000000, 5.33852:00000000534D545000000000, 7.36354:010000000000010986000000, 4.56248:DC040000, 7.40748:010000000000010B0C000000, 7.57132:000000000000000000000000, 4.39640:DC040000, 1.63016:32000000, 8.45434:00400600A39E7D130000000000000000332D6334, 1.46798:04000000, 5.10786:0000000031352E32302E363639392E3032363A504E32503238374D42303536313A39393863386136332D633463312D343033642D386238612D6162353536613236313363633A3330313437323A2E4E455420362E302E323000000000, 7.51330:E0522DCBA2A3DB0800000000, 0.39570:13000000, 1.55954:0A000000, 1.33010:0A000000, 2.54258:00000000, 0.40002:07000000, 1.56562:00000000, 1.33010:0A000000, 2.54258:00000000, 0.40002:00000000, 1.56562:00000000, 1.64146:32000000, 1.33010:32000000, 2.54258:DC040000, 1.33010:32000000, 2.54258:DC040000, 255.1750:83020000, 255.31418:0A008281, 0.22753:92000000, 255.21817:DC040000, 0.64418:0A004982, 4.39842:DC040000, 0.41586:8D020000, 4.60547:DC040000, 0.21966:9C000000, 4.30158:DC040000[EndDiagnosticData] [Hostname=PN2P287MB0561.INDP287.PROD.OUTLOOK.COM] ... I also want to take your guidance on how I should give my organization mail is which runs on the Outlook/hotmail layer and also on the issue above, how to solve this.

system · October 3, 2023, 9:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher Automated Email Reports Kibana	4	496	January 17, 2023
Configuring email server in yml file Kibana	3	1728	September 17, 2018
Help with watcher alert configuration in Kibana Elasticsearch elastic-stack-alerting	8	2142	May 1, 2019
Unable to send email using watcher on Xpack 6.2.1 Elasticsearch elastic-stack-alerting	10	644	June 5, 2018
Watcher not firing Kibana elastic-stack-alerting	2	407	July 27, 2021

Advanced Watch

Related Topics