Can't get webhook to work when CURL does

Elastic Stack Elasticsearch
1

Trying to get a very simple watcher to execute as a "hello world" test to an external REST API and it does not working. Tried a CURL from the underlying elastic linux host and it works perfectly. Note: Destination REST API is using a self-signed cert so with CURL I use the -k option. Don't know if this is a problem for elastic/watcher or not.

My code is as follows (note you'll see I've brute forced the entry for BODY to test, but long term I want the JSON from input section):

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "simple": {
      "severity": 0,
      "owner": "admin",
      "name": "Hello World",
      "type": "Unclassified",
      "createInvestigation": true
    }
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "postincident": {
      "webhook": {
        "scheme": "https",
        "host": "REDACTED_HOSTNAME",
        "port": 443,
        "method": "post",
        "path": "/incident",
        "params": {},
        "headers": {
          "Authorization": "REDACTED_API_KEY",
          "content-type": "application/json",
          "accept": "application/json"
        },
        "body": "{\"name\" : \"Hello World\",\"type\" : \"Unclassified\",\"severity\" : 0,\"owner\" : \"admin\",\"createInvestigation\" : true}"
      }
    }
  }
}
2

Here's my results from the simulated watcher:

{
  "watch_id": "_inlined_",
  "node": "3JcGg-ZAQbywRyAnPS9IgA",
  "state": "executed",
  "status": {
    "state": {
      "active": true,
      "timestamp": "2019-04-02T01:32:26.396Z"
    },
    "last_checked": "2019-04-02T01:32:26.397Z",
    "last_met_condition": "2019-04-02T01:32:26.397Z",
    "actions": {
      "postincident": {
        "ack": {
          "timestamp": "2019-04-02T01:32:26.397Z",
          "state": "ackable"
        },
        "last_execution": {
          "timestamp": "2019-04-02T01:32:26.397Z",
          "successful": true
        },
        "last_successful_execution": {
          "timestamp": "2019-04-02T01:32:26.397Z",
          "successful": true
        }
      }
    },
    "execution_state": "executed",
    "version": -1
  },
  "trigger_event": {
    "type": "manual",
    "triggered_time": "2019-04-02T01:32:26.397Z",
    "manual": {
      "schedule": {
        "scheduled_time": "2019-04-02T01:32:26.397Z"
      }
    }
  },
  "input": {
    "simple": {
      "severity": 0,
      "owner": "admin",
      "name": "Hello World",
      "type": "Unclassified",
      "createInvestigation": true
    }
  },
  "condition": {
    "always": {}
  },
  "metadata": {
    "name": "test",
    "xpack": {
      "type": "json"
    }
  },
  "result": {
    "execution_time": "2019-04-02T01:32:26.397Z",
    "execution_duration": 0,
    "input": {
      "type": "simple",
      "status": "success",
      "payload": {
        "severity": 0,
        "owner": "admin",
        "name": "Hello World",
        "type": "Unclassified",
        "createInvestigation": true
      }
    },
    "condition": {
      "type": "always",
      "status": "success",
      "met": true
    },
    "actions": [
      {
        "id": "postincident",
        "type": "webhook",
        "status": "simulated",
        "webhook": {
          "request": {
            "host": "REDACTED_HOST",
            "port": 443,
            "scheme": "https",
            "method": "post",
            "path": "/incident",
            "headers": {
              "Authorization": "::es_redacted::",
              "content-type": "application/json",
              "accept": "application/json"
            },
            "body": "{\"name\" : \"Hello World\",\"type\" : \"Unclassified\",\"severity\" : 0,\"owner\" : \"admin\",\"createInvestigation\" : true}"
          }
        }
      }
    ]
  },
  "messages": []
}
3

If your webhook URL uses certificates that are not trusted by the JVM, then you need to configure watcher SSL:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.