Can't configure Slack Watcher action

rokcarl · August 29, 2019, 7:35am

I can't seem to configure the Slack Watcher action. I'm running the Elastic stack through Docker Swarm.

I have the Slack account config in elasticsearch.yml:

xpack.notification.slack:
  account:
    monitoring:
      message_defaults:
        from: Elastic Stack

Then I added the secure URL through the CLI:

docker exec -it $CONTAINER bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url

I verify that it's saved:

docker exec -it $CONTAINER bin/elasticsearch-keystore list
keystore.seed
xpack.notification.slack.account.monitoring.secure_url

When I try to send a sample notification to Slack using Watcher, I get the following error in the console:

["org.elasticsearch.common.settings.SettingsException: invalid slack [monitoring] account settings. missing required [secure_url] setting",

Not sure why it thinks it's missing. I also modified the elasticsearch.yml configuration by putting the secure_url inside it, but that didn't work either.

The documentation does mention that some settings require a restart, but it's not clear if this one does need it too. The problem if it does is that "restarting" for me means creating another Docker container, so effectively running a new instance of ES.

Any help?

rokcarl · August 29, 2019, 8:03am

I have a slightly different problem now with setting up email, but possibly connected.

I do the same as before, properly configuring an email account through YAML + setting secure_password on the CLI. Sending a test email notification results in a stacktrace with the following line in the middle:

"Caused by: javax.mail.AuthenticationFailedException: failed to connect, no password specified?",

spinscale · August 29, 2019, 10:24am

hey,

my docker/swarm skills are nearly zero, but I suspect that somehow an image without any configuration is used. The steps look fine

I just tried the same using docker-compose and it worked

version: '3.7'
services:
  elasticsearch:
    hostname: elasticsearch
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:7.3.1
    environment:
      - node.name=es01
      - cluster.initial_master_nodes=es01
      - cluster.name=my-meetups-cluster
      - http.host=0.0.0.0
    volumes:
      - './elasticsearch.keystore:/usr/share/elasticsearch/config/elasticsearch.keystore:ro'
    ports:
      - 9200:9200
    networks:
      - esnet

  kibana:
    image: docker.elastic.co/kibana/kibana:7.3.1
    hostname: kibana
    container_name: kibana
    ports: [ '127.0.0.1:5601:5601' ]
    networks: ['esnet']
    depends_on: [ 'elasticsearch' ]

networks:
  esnet:

I created the keystore file locally and mounted it in. Called the same what you called elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url

Running a sample watch showed me, that it tried to connect to the specified URL.

Maybe you spot a docker difference that I do not see... I suppose that the keystore call is somewhat temporary and does not save its state, but that is just an assumption.

rokcarl · August 30, 2019, 5:51am

Hey Alexander,

I've tried your code and there's no Watcher section under Management -> Elasticsearch, which means I can't set up a watch. Not sure how you did it on your end?

system · September 27, 2019, 5:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.