Automated Report Failing

I configured a notification email in elasticsearch:

xpack.notification.email:
   smtp_account:
      profile: standard
      smtp:
         host: momail.mo.gov
         user: bill.anderson@oa.mo.gov
         from: kibana@oa.mo.gov

Then I created a watch:

PUT _xpack/watcher/watch/ios_severity
{
   "trigger": {
      "schedule": {
         "interval": "1h"
      }
   },
   "actions": {
      "smtp_account": {
         "email": {
            "profile": "standard",
            "attachments": {
               "cisco_ios_severity_report.pdf": {
                  "reporting": {
                     "url": "https://10.241.52.8:5601/api/reporting/generate/visualization/4b8ab530-1f91-11e7-9d44-ef23cde92150?_g=()&_a=(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:%27severity:%22alert%22%27)),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:%271%27,params:(),schema:metric,type:count),(enabled:!t,id:%272%27,params:(customLabel:%27Syslog+Host%27,field:sysloghost.keyword,order:desc,orderBy:%271%27,size:25),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:%27Top+Alert+(1)+Hosts%27,type:table))",
                     "retries": 10,
                     "interval": "1s",
                     "auth": {
                        "basic": {
                           "username": "elastic",
                           "password": "changeme"
                        }
                     }
                  }
               }
            },
            "to": [
               "bill.anderson@oa.mo.gov"
            ],
            "subject": "Cisco IOS Severity Report"
         }
      }
   }
}

So far so good. When I execute the watch:

POST _xpack/watcher/watch/ios_severity/_execute

I get this with an error

{
  "_id": "ios_severity_f1244026-7607-4d9d-ba77-d7301d035ff2-2017-04-20T16:55:09.850Z",
  "watch_record": {
    "watch_id": "ios_severity",
    "state": "executed",
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-04-20T16:55:09.850Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-04-20T16:55:09.850Z"
        }
      }
    },
    "input": {
      "none": {}
    },
    "condition": {
      "always": {}
    },
    "result": {
      "execution_time": "2017-04-20T16:55:09.850Z",
      "execution_duration": 8489,
      "input": {
        "type": "none",
        "status": "success",
        "payload": {}
      },
      "condition": {
        "type": "always",
        "status": "success",
        "met": true
      },
      "actions": [
        {
          "id": "smtp_account",
          "type": "email",
          "status": "failure",
          "reason": "IllegalArgumentException[no account found for name: [null]]"
        }
      ]
    },
    "messages": []
  }
}

I don't know why the account name is [null].

Did you configure a password field for your email account? In all the examples here I see a password field, but it's missing from your snippet (though perhaps you just left it out intentionally). https://www.elastic.co/guide/en/x-pack/current/actions-email.html

This mail server does not require authentication.

Hey Bill,

did you add the above account configuration to all of your nodes in the cluster?

Also, can you add "account": "smtp_account" to your watch email action and see if this works?

Thanks a lot!

--Alex

There is only one node in the cluster.

I added the account and I am now getting a different error:

"_id": "ios_severity_cf0fa8c7-0805-4b08-9d9c-e51006b4d7f3-2017-04-20T20:34:22.341Z",
  "watch_record": {
    "watch_id": "ios_severity",
    "state": "not_executed_already_queued",
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-04-20T20:34:22.341Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-04-20T20:34:22.341Z"
        }
      }
    },
    "messages": [
      "Watch is already queued in thread pool"
    ]
  }
}

I created a simpler watch:

PUT _xpack/watcher/watch/send_mail
{
  "trigger": {
      "schedule": {
         "interval": "1h"
      }
  },
  "actions": {
    "send_email" : { 
      "email" : { 
        "account": "smtp_account",
        "to" : "bill.anderson@oa.mo.gov", 
        "subject" : "Watcher Notification", 
        "body" : "error logs found" 
      }
    }
  }
}

And I get this error:

"actions": [
        {
          "id": "send_email",
          "type": "email",
          "status": "failure",
          "reason": "IllegalArgumentException[no account found for name: [smtp_account]]"
        }
      ]

I found the error. Here is the correct xpack.notification.email section in elasticsearch.yml:

    xpack.notification.email:
       account:
          smtp_account:
             profile: standard
             smtp:
                host: momail.mo.gov
                user: bill.anderson@oa.mo.gov
                from: kibana@oa.mo.gov

The account: line between the xpack.notification.email: line and the smtp_account: line was missing.
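
The nesting mistake found above can be caught before a watch runs. The following is an added example, not code from the thread or from Elastic: it flattens parsed elasticsearch.yml settings into dotted keys and reports email settings that sit outside `account`, plus watch email actions that name an undefined account. The sample host and address and the `KNOWN_CHILDREN` list are assumptions.

```python
PREFIX = "xpack.notification.email"
# Keys allowed directly under PREFIX; anything else is reported as misplaced
# (assumption: account, default_account and html are the only valid children).
KNOWN_CHILDREN = {"account", "default_account", "html"}

def flatten(node, path=""):
    """Flatten nested settings into dotted keys, the form Elasticsearch uses."""
    if not isinstance(node, dict):
        return {path: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{path}.{key}" if path else key))
    return flat

def email_accounts(settings):
    """Return (defined account names, keys misplaced outside 'account')."""
    accounts, misplaced = set(), []
    for key in flatten(settings):
        if not key.startswith(PREFIX + "."):
            continue
        parts = key[len(PREFIX) + 1:].split(".")
        if parts[0] == "account" and len(parts) > 2:
            accounts.add(parts[1])
        elif parts[0] not in KNOWN_CHILDREN:
            misplaced.append(key)
    return accounts, sorted(misplaced)

def check_watch(watch, accounts):
    """List email actions whose account cannot be resolved."""
    problems = []
    for action_id, action in watch.get("actions", {}).items():
        if "email" not in action:
            continue
        name = action["email"].get("account")
        if name is None and not accounts:
            problems.append(f"{action_id}: no account named and none defined")
        elif name is not None and name not in accounts:
            problems.append(f"{action_id}: account [{name}] is not defined")
    return problems

# Constructed samples: parsed YAML in the broken and the corrected layout.
SMTP = {"profile": "standard", "smtp": {"host": "mail.example.org"}}
BROKEN = {PREFIX: {"smtp_account": SMTP}}
FIXED = {PREFIX: {"account": {"smtp_account": SMTP}}}
WATCH = {"actions": {"send_email": {"email": {
    "account": "smtp_account", "to": "ops@example.org"}}}}
```

An email action with no `account` is not flagged when at least one account is defined, since Watcher then falls back to a default account.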
