Automated Report Failing

banderson · April 20, 2017, 4:56pm

I configured a notification email elasticsearch:

xpack.notification.email:
   smtp_account:
      profile: standard
      smtp:
         host: momail.mo.gov
         user: bill.anderson@oa.mo.gov
         from: kibana@oa.mo.gov

Then I created a watch:

PUT _xpack/watcher/watch/ios_severity
{
   "trigger": {
      "schedule": {
         "interval": "1h"
      }
   },
   "actions": {
      "smtp_account": {
         "email": {
            "profile": "standard",
            "attachments": {
               "cisco_ios_severity_report.pdf": {
                  "reporting": {
                     "url": "https://10.241.52.8:5601/api/reporting/generate/visualization/4b8ab530-1f91-11e7-9d44-ef23cde92150?_g=()&_a=(filters:!(),linked:!f,query:(query_string:(analyze_wildcard:!t,query:%27severity:%22alert%22%27)),uiState:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),vis:(aggs:!((enabled:!t,id:%271%27,params:(),schema:metric,type:count),(enabled:!t,id:%272%27,params:(customLabel:%27Syslog+Host%27,field:sysloghost.keyword,order:desc,orderBy:%271%27,size:25),schema:bucket,type:terms)),listeners:(),params:(perPage:10,showMeticsAtAllLevels:!f,showPartialRows:!f,showTotal:!f,sort:(columnIndex:!n,direction:!n),totalFunc:sum),title:%27Top+Alert+(1)+Hosts%27,type:table))",
                     "retries": 10,
                     "interval": "1s",
                     "auth": {
                        "basic": {
                           "username": "elastic",
                           "password": "changeme"
                        }
                     }
                  }
               }
            },
            "to": [
               "bill.anderson@oa.mo.gov"
            ],
            "subject": "Cisco IOS Severity Report"
         }
      }
   }
}

So far so good. When I execute the watch:

POST _xpack/watcher/watch/ios_severity/_execute

I get this with an error

{
  "_id": "ios_severity_f1244026-7607-4d9d-ba77-d7301d035ff2-2017-04-20T16:55:09.850Z",
  "watch_record": {
    "watch_id": "ios_severity",
    "state": "executed",
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-04-20T16:55:09.850Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-04-20T16:55:09.850Z"
        }
      }
    },
    "input": {
      "none": {}
    },
    "condition": {
      "always": {}
    },
    "result": {
      "execution_time": "2017-04-20T16:55:09.850Z",
      "execution_duration": 8489,
      "input": {
        "type": "none",
        "status": "success",
        "payload": {}
      },
      "condition": {
        "type": "always",
        "status": "success",
        "met": true
      },
      "actions": [
        {
          "id": "smtp_account",
          "type": "email",
          "status": "failure",
          "reason": "IllegalArgumentException[no account found for name: [null]]"
        }
      ]
    },
    "messages": []
  }
}

I don't know why the account name is [null].

Stacey_Gammon · April 20, 2017, 6:50pm

Did you configure a password field for your email account? In all the examples here I see a password field, but it's missing from your snippet (though perhaps you just left it out intentionally). https://www.elastic.co/guide/en/x-pack/current/actions-email.html

banderson · April 20, 2017, 7:09pm

This mail server does not require authentication.

spinscale · April 20, 2017, 7:46pm

Hey Bill,

did you add the above account configuration to all of your nodes in the cluster?

Also, can you add "account": "smtp_account" to your watch email action and see if this works?

Thanks a lot!

--Alex

banderson · April 20, 2017, 8:37pm

There is only one node in the cluster.

I added the account and I am now getting a different error:

"_id": "ios_severity_cf0fa8c7-0805-4b08-9d9c-e51006b4d7f3-2017-04-20T20:34:22.341Z",
  "watch_record": {
    "watch_id": "ios_severity",
    "state": "not_executed_already_queued",
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-04-20T20:34:22.341Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-04-20T20:34:22.341Z"
        }
      }
    },
    "messages": [
      "Watch is already queued in thread pool"
    ]
  }
}

banderson · April 20, 2017, 9:50pm

I created a simpler watch:

PUT _xpack/watcher/watch/send_mail
{
  "trigger": {
      "schedule": {
         "interval": "1h"
      }
  },
  "actions": {
    "send_email" : { 
      "email" : { 
        "account": "smtp_account",
        "to" : "bill.anderson@oa.mo.gov", 
        "subject" : "Watcher Notification", 
        "body" : "error logs found" 
      }
    }
  }
}

And I get this error:

"actions": [
        {
          "id": "send_email",
          "type": "email",
          "status": "failure",
          "reason": "IllegalArgumentException[no account found for name: [smtp_account]]"
        }
      ]

banderson · April 20, 2017, 9:59pm

I found the error. Here is the correct pack.notification.email section in elasticsearch.yml

    xpack.notification.email:
       account:
          smtp_account:
             profile: standard
             smtp:
                host: momail.mo.gov
                user: bill.anderson@oa.mo.gov
                from: kibana@oa.mo.gov

The account: line between the xpack.notification.email: line and the smtp_account: line was missing.

system · May 18, 2017, 10:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to send email using watcher on Xpack 6.2.1 Elasticsearch elastic-stack-alerting	10	644	June 5, 2018
Automatic reporting not getting email Kibana elastic-stack-reporting	1	971	July 27, 2017
Sending out emails...nothing happens Elasticsearch elastic-stack-alerting	2	713	June 12, 2017
Xpack watcher email notifications with Mailgun 6.3 Elasticsearch elastic-stack-alerting	2	665	July 20, 2018
Watcher Automated Email Reports Kibana	4	508	January 17, 2023

Automated Report Failing

Related topics