Elasticsearch.yml notification config

Elastic Stack Elasticsearch
1

Hi,

I'm trying to add an smtp config in elasticsearch.yml file but i can't figure out what I'm doing wrong,
My goal is to send email from a watch.

Could someone give me a full sample of what elacsticsearch.yml should look like ?

I can't see the link between thoses two parts of the code below given by Elastic.
In my case I will have only one account.

PART 1
xpack.notification.email:
default_account: team1
account:
team1:
...
team2:
...

PART 2
xpack.notification.email.account:
gmail_account:
profile: gmail
smtp:
auth: true
starttls.enable: true
host: smtp.gmail.com
port: 587
user:
password:

Thank you in advance.

2

Hey,

you need to merge those two into one entry

xpack.notification.email:
  default_account: team1
  account:
  team1:
    ...
  team2:
  ...
  gmail_account:
  ...

Second, logfiles or the output of the watch execution API would help.

Hope this helps!

--Alex

3

Hi Alex an thank you for your answer,

Here is what I added in my elasticsearch.yml file.
This is the first and only modification a added from the orginal file :

xpack.notification.email.account:
        smtp_account:
                 profile: standard
                 email_defaults:
                 from: 'Xpack Alerting'
                 bcc: xxxxx@xxx.fr
        smtp:
                 auth: false
                 starttls.enable: false
                 host: smtp.xxxx
                 port: 25
                 user: user@xxxx.fr
                 password: 1111111

Since I added those lines Elastic server does not restart.

Is it possible to have a sample elasticsearch.yml file that include a sample of thoses two sections
xpack.notification.email
and
xpack.notification.email.account:

Best regards,

4

please start putting your configuration in proper code formatting blocks, so one can also see the indentation.

Also, if Elasticsearch does not start anymore, the full error message would helpful.

Thank you!

5

Thank you spinscale for your answer,

I think it could be useful to have a full sample, for example, commented in the default elasticserach.yml file.
Maybe in the future...

Thanks

6

Hi Spinscale,

Here is the (almost) full error message, hope this will help,
First part

 Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2018-04-18 14:54:29 CEST; 2s ago
         Docs: http://www.elastic.co
      Process: 6456 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
     Main PID: 6456 (code=exited, status=1/FAILURE)

    Apr 18 14:54:24 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: Started Elasticsearch.
    Apr 18 14:54:24 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: Starting Elasticsearch...
    Apr 18 14:54:29 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
    Apr 18 14:54:29 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: Unit elasticsearch.service entered failed state.
    Apr 18 14:54:29 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: elasticsearch.service failed.

Second part

 [2018-04-18T14:54:29,232][ERROR][o.e.b.Bootstrap          ] Exception
    java.lang.IllegalArgumentException: unknown setting [watcher.actions.email.service.account.work.email_defaults.bcc] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
            at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:346) ~[elasticsearch-6.2.3.jar:6.2.3]
            at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:310) ~[elasticsearch-6.2.3.jar:6.2.3]
            at 
...
            at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.2.3.jar:6.2.3]
            at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.2.3.jar:6.2.3]
            at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.2.3.jar:6.2.3]
            at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.2.3.jar:6.2.3]
            at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.2.3.jar:6.2.3]

And here is what we finally add in the elasticsearch.yml file:

watcher.actions.email.service.account:
    work:
        profile: standard
        email_defaults:
            from: 'ELK-XPack Watcher'
            bcc: B.xxx@xxxx.com
        smtp:
            auth: false
            starttls.enable: false
            host: xxx.test
            port: 10

Thank you in advance!

7

the settings prefixed with watcher are for an older version of elasticsearch, before version 5.x, from then on you need a xpack.notification.email prefix.

See https://www.elastic.co/guide/en/elasticsearch/reference/6.2/notification-settings.html#email-notification-settings

8

Hi Spinscale,

Thank you! Your answer helped us to understand what we were doing wrong,
And I wouldn't have figure it out from the documentation.

So here is finally a full sample that works in our case :

xpack.notification.email.account:
   mail1:
    profile: standard
    smtp.host: xxxxx.ZZZZZZZ
    smtp.port: 25
    smtp.auth: false
    smtp.starttls.enable: false
9

glad you got it working. Is there anything we can do to improve the docs further? We have that header telling that things are different at the top like here - is there any reason you stumbled on the 2.4 docs and not on the current ones? Maybe we can try to fix that in the future. Thankful for any input there!

10

The use of the 2.4 documentation is an error on our part, but even when I first used the 6.4 documentation I wasn't able to use it.

In my opinion the best way to improve documentation would be, to add some small snippets in the documentation or directly commented in elasticsearch.yml file !

Regards,

1 Like
11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.