Automatic report generation using watcher not able to parse auth

Elastic Stack Kibana
1

Hi Team,

I am trying to generate the automatic report and send an email using the default email service provided by elastic cloud (8.9.0)

I have followed all the steps

  • created the user and give all privileges
  • copying the post url from the visualization
  • created watcher using the below example
PUT _watcher/watch/error_report
{
  "trigger" : {
    "schedule": {
      "interval": "1h"
    }
  },
  "actions" : {
    "email_admin" : { 
      "email": {
        "to": "'Recipient Name <recipient@example.com>'",
        "subject": "Error Monitoring Report",
        "attachments" : {
          "error_report.pdf" : {
            "reporting" : {
              "url": "http://0.0.0.0:5601/api/reporting/generate/printablePdf?jobParams=...", 
              "retries":40, 
              "interval":"15s", 
              "auth":{ 
                "basic":{
                  "username":"elastic",
                  "password":"changeme"
                }
              }
            }
          }
        }
      }
    }
  }
}

I am actually getting below error while saving the watcher for the second time. It was saving the watcher for the first time. I think the password is converted as "es_radicated". is it because of that?

image
image1336×136 7.02 KB

Auth Added in the watcher
image

Can anyone please explain and help resolve the issues?

Thanks,
Surya

2

Removed #elastic-cloud

3

Removed #elastic-cloud

4

Hi @surya_dadi_dhamarake,

This error usually happens when Elasticsearch cannot parse a specific field in the message attachment. It would be best to double-check that your data format is correct for your authentication parameters.

This related forum post might be helpful too.

5

Hi @jessgarson ,

I have just added basic auth as mentioned in my question. Can you please check and let me know If I did anything wrong?

Thanks,
Surya

6

Thanks for following up, @surya_dadi_dhamarake. I hadn't seen authentication in a watcher in this way for a watcher in the past, but I am a bit newer to working with Elastic. Can you provide further context as to what you want to accomplish?

7

Hi @jessgarson ,

I am actually doing below.

  • created a visualization
  • copied the post url from the visualization share

image

  • I was adding the post url in the watcher as my first question I posted here.

The doc ref I followed is this Automatically generate reports | Kibana Guide [8.14] | Elastic

Can you please check and help me resolve?

Thanks,
Surya

8

Thanks for your continued follow-up, @surya_dadi_dhamarake.

Does your environment use OIDC? If your environment uses OIDC or another authentication mechanism, you may need to adjust this accordingly. An option, if this is the case, is using an API key.

A few other ideas:

  • Since this is a parsing error, you may want to check that your JSON is structured properly, too.
  • You also may want to double check your username and password are correct.
9

That sounds very possible to me. How are you saving the watch for the second time? Through the API directly (dev tools)? Or through Kibana?

1 Like
10

Hi @Keith_Massey ,

Yes. I am using kibana. I clearly verified the json and it is properly structured.

I am using the saml and disabled basic auth for login into kibana. is it the possible issue for this?

If yes, what will be the alternate procedure to automatically generate the reports?

11

I think that the problem is that you have to retype your email password every time you save it. Otherwise Kibana does just send in ::es_redacted:: as the password. The problem is that Elasticsearch redacts that password before ever sending it to Kibana. So Kibana can't substitute back in the real password.

12

Hi @Keith_Massey ,

But even first time after I save with the actual password the action is failing with the same reason.

13

But even first time after I save with the actual password the action is failing with the same reason.

Oh I had read this: I am actually getting below error while saving the watcher for the second time as that the initial watch creation (with the real password) succeeded, and the second time saving (with ::es_redacted::) failed. It must be saving at least once if you're ever seeing ::es_redacted::. So you're saying you save it once with the correct password, then you view it in kibana, change ::es_redacted:: to the correct password, save a second time, and you get failed to parse field [auth]? I tried your watch in kibana doing that, and was able to successfully save twice.

1 Like
14

hi @Keith_Massey ,

I am using elastic cloud 8.9.0. Can you please check? I am still getting the error not sure why is it coming like that but I have disabled basic auth in kibana config also in elastic cloud while integrating the saml.

15

Can you give the exact steps you are taking?

17

Hi @Keith_Massey ,

Exactly this procedure.

18

So you only saved the watch the one time, and never gave ::es-redacted:: as the password? That means my theory is not correct. Can you create the watch via the Elasticsearch API directly (either through dev tools in kibana or through curl from the command line) and post the response here?

19

Hi @Keith_Massey ,

I have tried creating watcher using the dev tools. I got below response
image

When I wait for it to execute, It was just showing execution failing.

image
image1617×167 7.15 KB

image
image1390×300 12 KB

20

How did you create it in dev tools? Are there any error messages are in the elasticsearch log when it tries to run the watch? If not, take a look in the watcher history index with something like the following to see what is going on:

GET .watcher-history-*/_search?size=100
{
  "sort" : [
    { "@timestamp": "desc"}
  ]
}
1 Like
21

Hi @Keith_Massey ,

I ran the query you suggested and I found the 403 error in the action, then I added kibana admin role now it is giving me below error.

image