Can't configure Slack Watcher action

I can't seem to configure the Slack Watcher action. I'm running the Elastic stack through Docker Swarm.

I have the Slack account config in elasticsearch.yml:

        from: Elastic Stack

Then I added the secure URL through the CLI:

docker exec -it $CONTAINER bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url

I verify that it's saved:

docker exec -it $CONTAINER bin/elasticsearch-keystore list

When I try to send a sample notification to Slack using Watcher, I get the following error in the console:

["org.elasticsearch.common.settings.SettingsException: invalid slack [monitoring] account settings. missing required [secure_url] setting",

Not sure why it thinks it's missing. I also modified the elasticsearch.yml configuration by putting the secure_url inside it, but that didn't work either.

The documentation does mention that some settings require a restart, but it's not clear if this one does need it too. The problem if it does is that "restarting" for me means creating another Docker container, so effectively running a new instance of ES.

Any help?

I have a slightly different problem now with setting up email, but possibly connected.

I do the same as before, properly configuring an email account through YAML + setting secure_password on the CLI. Sending a test email notification results in a stacktrace with the following line in the middle:

"Caused by: javax.mail.AuthenticationFailedException: failed to connect, no password specified?",


My docker/swarm skills are nearly zero, but I suspect that somehow an image without any configuration is used. The steps look fine.

I just tried the same using docker-compose and it worked

version: '3.7'
    hostname: elasticsearch
    container_name: elasticsearch
      - cluster.initial_master_nodes=es01
      - './elasticsearch.keystore:/usr/share/elasticsearch/config/elasticsearch.keystore:ro'
      - 9200:9200
      - esnet

    hostname: kibana
    container_name: kibana
    ports: [ '' ]
    networks: ['esnet']
    depends_on: [ 'elasticsearch' ]


I created the keystore file locally and mounted it in. I ran the same command you did: elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url

Running a sample watch showed me that it tried to connect to the specified URL.

Maybe you spot a docker difference that I do not see... I suppose that the keystore call is somewhat temporary and does not save its state, but that is just an assumption.
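
A check for the keystore suspicion above, as an added example that is not part of the original posts: it reads the output of elasticsearch-keystore list from the container that is currently running and reports which Watcher secure settings are absent. The function name, the email account name "work" and the sample listing are constructed for illustration; the slack key is the one used in this thread.

```shell
#!/bin/sh
# Added example: report Watcher secure settings missing from a keystore listing.
# stdin:  output of `bin/elasticsearch-keystore list` (one key per line)
# args:   <kind>:<account> pairs, e.g. slack:monitoring email:work
# status: 0 = all present, 1 = at least one missing, 2 = bad argument
# The body runs in a subshell so its variables do not leak to the caller.
missing_watcher_secrets() (
  # `docker exec -it` allocates a TTY, which turns line ends into CRLF;
  # strip the CR so whole-line matching still works.
  listing=$(tr -d '\r')
  rc=0
  for spec in "$@"; do
    kind=${spec%%:*}
    account=${spec#*:}
    case $kind in
      slack) key="xpack.notification.slack.account.${account}.secure_url" ;;
      email) key="xpack.notification.email.account.${account}.smtp.secure_password" ;;
      *) echo "unknown account kind: $kind" >&2; exit 2 ;;
    esac
    # -x: whole line, -F: fixed string (dots in the key are not wildcards)
    if ! printf '%s\n' "$listing" | grep -qxF -- "$key"; then
      echo "$key"
      rc=1
    fi
  done
  exit "$rc"
)

# Constructed sample listing, standing in for:
#   docker exec "$CONTAINER" bin/elasticsearch-keystore list
SAMPLE_LISTING='keystore.seed
xpack.notification.slack.account.monitoring.secure_url'

# Demo: the slack key is present, the (hypothetical) email account key is not.
printf '%s\n' "$SAMPLE_LISTING" \
  | missing_watcher_secrets slack:monitoring email:work \
  || echo "^ not in this container's keystore"
```

Running it against a freshly created Swarm task shows whether the keys added with docker exec are still in the container that Watcher actually runs in.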

Hey Alexander,

I've tried your code and there's no Watcher section under Management -> Elasticsearch, which means I can't set up a watch. Not sure how you did it on your end?
