Elasticsearch enable watcher - email notifications

dominbdg · September 9, 2021, 2:39pm

Hello,
I would like to ask You for help,
I have one-node elasticsearch with kibana on kubernetes.
I need to have on kibana watcher email notifications enabled but don't know how to do from elasticsearch yml file.

Right now I have emails option greyed from kibana side with coment "configure elasticsearch.yml"

Can someone help me ?

warkolm · September 10, 2021, 12:07am

Welcome to our community!

Have you been over Watcher settings in Elasticsearch | Elasticsearch Guide [7.14] | Elastic?

dominbdg · September 10, 2021, 9:43am

hello, warkolm
thanks for reply, yes I saw this website but have small question,
as I uderstand this section :

"actions" : {
  "send_email" : { 
    "email" : { 
      "to" : "username@example.org", 
      "subject" : "Watcher Notification", 
      "body" : "{{ctx.payload.hits.total}} error logs found" 
    }
  }
}

should be only included in elasticsearch.yml and
xpack.watcher.enabled yes ?

I have on kibana also 4 spaces - how can I set options only for one space ?

dominbdg · September 10, 2021, 10:20pm

Can someone help me with this email notifications from elasticsearch yml file ?
I addedd section in elasticsearch yml file

xpack.watcher.enabled: true
xpack.notification.email.account:
  gmail_account:
    profile: gmail
      smtp:
        auth: true
        starttls.enable: true
        host: smtp.gmail.com
        port: 587
        user: dominbdg

but the problem is that - elasticsearch don't want to start with this configuration.
when - from documentation try to launch :

bin/elasticsearch-keystore add xpack.notification.email.account.gmail_account.smtp.secure_password

I'm getting error:

Caused by: com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException: mapping values are not allowed here
 in 'reader', line 87, column 11:
          smtp:

stephenb · September 10, 2021, 11:10pm

Most likely You have a yml syntax / formatting error in that section.. either in it or after it.. that's what the error indicates.

dominbdg · September 10, 2021, 11:13pm

@stephenb
Thanks for that - You were right - there was an improper formatting.

dominbdg · September 10, 2021, 11:23pm

I have also a question - we have local openrelay in my company. Is it possible to use it or I have to have regular mail account for watcher emails ?

stephenb · September 10, 2021, 11:52pm

I don't know... Try it

It expects an SMTP endpoint.

dominbdg · September 12, 2021, 6:13pm

@stephenb - You are right - using normal email server works.
I have a small question - when I need to use ssl - how to do it ?
I have below configuration:

xpack.notification.email.account:
    gmail_account:
        profile: gmail
        smtp:
            auth: true
            starttls.enable: true
            host: smtp.gmail.com
            port: 587
            user: <username>

is it possible that instead of starttls.enable I can use ssl.enable and change port to ssl ?

stephenb · September 12, 2021, 6:30pm

I do not see ssl.enable as a valid option in the docs. Perhaps just set to the ssl port and try it.

In the docs here

If it is a self signed certificate you may need to add additional settings

Curious why not use

starttls.enable: true

system · October 10, 2021, 6:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.