Creating Watcher and Trigger alert from outlook 365

shrikantgulia · January 25, 2020, 6:31am

Hello,

I am trying to trigger an alert but I am getting an error

[2020-01-25T06:26:06,821][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [CGAUH-PDLXS03] failed to execute action [inlined/email_1]
org.elasticsearch.common.settings.SettingsException: missing required email account setting for account [gmail_account]. 'smtp.host' must be configured
at org.elasticsearch.xpack.watcher.notification.email.Account$Config.(Account.java:197) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.createAccount(EmailService.java:144) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.createAccount(EmailService.java:35) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.NotificationService.lambda$buildAccounts$0(NotificationService.java:98) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.NotificationService.lambda$createAccounts$1(NotificationService.java:142) ~[?:?]
at org.elasticsearch.common.util.LazyInitializable.maybeCompute(LazyInitializable.java:103) ~[elasticsearch-7.5.0.jar:7.5.0]
at org.elasticsearch.common.util.LazyInitializable.getOrCompute(LazyInitializable.java:81) ~[elasticsearch-7.5.0.jar:7.5.0]
at org.elasticsearch.xpack.watcher.notification.NotificationService.getAccount(NotificationService.java:121) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:158) ~[?:?]
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:72) ~[?:?]
at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:164) [x-pack-core-7.5.0.jar:7.5.0]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:534) [x-pack-watcher-7.5.0.jar:7.5.0]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:320) [x-pack-watcher-7.5.0.jar:7.5.0]
at org.elasticsearch.xpack.watcher.transport.actions.execute.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:159) [x-pack-watcher-7.5.0.jar:7.5.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.5.0.jar:7.5.0]
at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:627) [x-pack-watcher-7.5.0.jar:7.5.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:703) [elasticsearch-7.5.0.jar:7.5.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:830) [?:?]

My elasticsearch.yml file config is

xpack.notification.email.account:
outlook_account:
profile: outlook
smtp:
auth: true
starttls.enable: true
host: smtp.office365.com
port: 587
user: Shrikant@domain.techno

Can someone Please guide me where i am facing problem

rugenl · January 25, 2020, 1:28pm

Others that have reported this issue have had indention issues, but your post isn't formatted to show indention.

shrikantgulia · January 26, 2020, 12:07pm

It is showing that

missing required email account setting for account [gmail_account]. 'smtp.host' must be configured

can someone help me out

spinscale · January 27, 2020, 9:10am

Len has a valid point, that your post is not showing indentation for the email account configuration. Please use markdown and code snippet functionality properly.

I see that smtp.host looks to be configured, but one cannot be sure due to not seeing the indentation.

Another important aspect is to make sure, that you updated the configuration file on all nodes and restarted them in order to take changes in the YAML file into effect. Did you do that?

shrikantgulia · January 27, 2020, 9:14am

Hello @spinscale,

Thankyou for the response
Please find the snapshot of the config

spinscale · January 27, 2020, 10:50am

your error message mentions however a gmail_account - is it possible that your watch action refers to a different account?

shrikantgulia · January 27, 2020, 12:57pm

Hello @spinscale,
How to make changes then
What should be done?

spinscale · January 27, 2020, 2:38pm

Have you checked your watch action, that sends am email? Can you share that one?

shrikantgulia · January 28, 2020, 4:45am

Hello @spinscale,

My watcher action is coming out OK

{
"watch_id": "3b854c7e-f3ef-44d9-94f5-5fb9e3e661e7",
"node": "HQQ24uQGRnalcc1RPfPEBw",
"state": "execution_not_needed",
"status": {
"state": {
"active": true,
"timestamp": "2020-01-28T04:45:00.498Z"
},
"last_checked": "2020-01-28T04:46:00.654Z",
"actions": {
"email_1": {
"ack": {
"timestamp": "2020-01-28T04:45:00.498Z",
"state": "awaits_successful_execution"
}
}
},
"execution_state": "execution_not_needed",
"version": -1
},
"trigger_event": {
"type": "schedule",
"triggered_time": "2020-01-28T04:46:00.653Z",
"schedule": {
"scheduled_time": "2020-01-28T04:46:00.504Z"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"hello1"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{ctx.trigger.scheduled_time}}||-5d",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "if (ctx.payload.hits.total > params.threshold) { return true; } return false;",
"lang": "painless",
"params": {
"threshold": 1000
}
}
},
"metadata": {
"name": "test",
"watcherui": {
"trigger_interval_unit": "m",
"agg_type": "count",
"time_field": "@timestamp",
"trigger_interval_size": 1,
"term_size": 5,
"time_window_unit": "d",
"threshold_comparator": ">",
"index": [
"hello1"
],
"time_window_size": 5,
"threshold": 1000
},
"xpack": {
"type": "threshold"
}
},
"result": {
"execution_time": "2020-01-28T04:46:00.654Z",
"execution_duration": 15,
"input": {
"type": "search",
"status": "success",
"payload": {
"_shards": {
"total": 1,
"failed": 0,
"successful": 1,
"skipped": 0
},
"hits": {
"hits": ,
"total": 303,
"max_score": null
},
"took": 1,
"timed_out": false
},
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"hello1"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "2020-01-28T04:46:00.504Z||-5d",
"lte": "2020-01-28T04:46:00.504Z",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
}
}
}
}
},
"condition": {
"type": "script",
"status": "success",
"met": false
},
"actions":
},
"messages":
}

spinscale · January 28, 2020, 11:54am

please format your answers using markdown and code snippets. This is super hard to read. Thanks!

That watch condition was not true, so no email was triggered. That is no proof that email does not work as expected.

You can use the execute watch API and ignore the condition to trigger the email sending and then paste that output here.

shrikantgulia · January 28, 2020, 12:07pm

Hello @spinscale when I am trying to test it
still it is not sending me the test email

spinscale · January 28, 2020, 2:14pm

If you do not share results and outputs of APIs, then it is impossible to help you. I asked for a specific output above. Please paste the request you made and the response. Thx.

system · February 25, 2020, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.