Hi,
I have the Elastic Cloud service. I recently updated to 7.7, but I don't see a way to use alert notifications with Slack or my email.
Are those functionalities premium or something? Or should I have the possibility to alert by Slack or email on some triggers?
Thank you very much
RaTheDev
(RTheDev)
May 21, 2020, 1:51pm
2
Have you tried the Watcher options under Management -> Elasticsearch -> Watcher?
I can see Watcher, but when I want to add an action, for example by Slack, I get this message:
Account may not be configured
To create this action, you must configure at least one Slack account. Learn more.
So I went to Kibana / Alerts and Actions / Connectors
and filled in the Slack options.
Then I went back and created an alert, but I got this message:
Error testing action
[illegal_argument_exception] no accounts of type [slack] configured. Please set up an account using the [xpack.notification.slack] settings
Am I missing something?
Thanks
Please, any suggestions on how to configure alerts to solve this problem?
I've read a lot, and it seems that now you don't need to touch the Elastic Cloud console or restart nodes? Everything should be done from the Kibana UI or Dev Tools?
Any clues to follow?
Thank you very much
I have my alert created, but I'm not able to configure an alert by Slack.
I have my incoming webhook created like the documentation says.
But I can't configure anything more; it didn't work. I can't save when I try to add the Slack method:
Error saving watch
[illegal_argument_exception] no accounts of type [slack] configured. Please set up an account using the [xpack.notification.slack] settings
```json
{
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "gke_stage_*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "message": "ERROR"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "from": "now-5m",
                      "to": "now"
                    }
                  }
                }
              ],
              "must_not": [
                {
                  "match": {
                    "kubernetes.namespace": "logging"
                  }
                },
                {
                  "match": {
                    "kubernetes.namespace": "kube-system"
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 1
      }
    }
  },
  "actions": {
    "notify-slack": {
      "throttle_period": "5m",
      "slack": {
        "message": {
          "to": [ "#sysops", "@david" ],
          "text": "Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes (facepalm)"
        }
      }
    }
  }
}
```
I read
https://www.elastic.co/guide/en/elasticsearch/reference/current/actions-slack.html#configuring-slack
I don't know how I should configure the keystore on Elastic Cloud; the example seems to be for on-premise.
bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url
Please, any suggestions? Does nobody use Watcher in Elastic Cloud, or alerts via Slack?
Thank you very much
Solved.
If you are using Elastic Cloud 7.7, you have to create in the keystore (Elastic console UI) the key xpack.notification.slack.account.account1.secure_url
and then in the secret field you have to put the Slack webhook.
Then, if you want to use Watcher, in your alert definition you have to put an action like this, using the account1 that you created before.

```json
"actions": {
  "notify-slack": {
    "throttle_period_in_millis": 1000,
    "slack": {
      "account": "account1",
      "message": {
        "to": [
          "#env_dev"
        ],
        "text": "Encountered {{ctx.payload.hits.total}} errors in the last 5 minutes :face_with_monocle:"
      }
    }
  }
}
```
Enjoy!
1 Like
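An offline pre-flight check for the fix described in the thread, added here as an example; it is not code from the original posts or from Elastic. It compares the Slack account a watch references against the keystore setting names and flags a webhook URL pasted into the watch body, since the webhook is a secret. The function names, sample values, and the fallback behaviour for an omitted `account` are assumptions.

```python
import json
import re

# Keystore setting name from the thread: xpack.notification.slack.account.<name>.secure_url
KEY_RE = re.compile(r"^xpack\.notification\.slack\.account\.([^.]+)\.secure_url$")
# Slack incoming-webhook URLs are credentials; they belong only in the keystore.
WEBHOOK_RE = re.compile(r"https://hooks\.slack\.com/services/\S+")


def slack_accounts(keystore_names):
    """Account names derived from a list of keystore setting names."""
    return {m.group(1) for m in map(KEY_RE.match, keystore_names) if m}


def lint_watch(watch, keystore_names):
    """Return a list of findings for the Slack actions in a watch definition."""
    accounts = slack_accounts(keystore_names)
    findings = []
    for name, action in watch.get("actions", {}).items():
        slack = action.get("slack")
        if slack is None:
            continue
        account = slack.get("account")
        if not accounts:
            findings.append(f"{name}: no accounts of type [slack] in keystore")
        # Assumption: an omitted "account" falls back to a configured account.
        elif account is not None and account not in accounts:
            findings.append(f"{name}: account [{account}] not in keystore")
    if WEBHOOK_RE.search(json.dumps(watch)):
        findings.append("watch body embeds a Slack webhook URL")
    return findings


# Constructed sample input: the action from the accepted answer.
SAMPLE_WATCH = {"actions": {"notify-slack": {"slack": {
    "account": "account1",
    "message": {"to": ["#env_dev"], "text": "{{ctx.payload.hits.total}} errors"},
}}}}
SAMPLE_KEYSTORE = ["xpack.notification.slack.account.account1.secure_url"]

if __name__ == "__main__":
    print(lint_watch(SAMPLE_WATCH, []))               # keystore entry missing
    print(lint_watch(SAMPLE_WATCH, SAMPLE_KEYSTORE))  # entry present: []
```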
system
(system)
Closed
June 22, 2020, 5:14pm
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.