Elasticsearch.yml notification config

cedric1 · April 4, 2018, 2:13pm

Hi,

I'm trying to add an smtp config in elasticsearch.yml file but i can't figure out what I'm doing wrong,
My goal is to send email from a watch.

Could someone give me a full sample of what elacsticsearch.yml should look like ?

I can't see the link between thoses two parts of the code below given by Elastic.
In my case I will have only one account.

PART 1
xpack.notification.email:
default_account: team1
account:
team1:
...
team2:
...

PART 2
xpack.notification.email.account:
gmail_account:
profile: gmail
smtp:
auth: true
starttls.enable: true
host: smtp.gmail.com
port: 587
user:
password:

Thank you in advance.

spinscale · April 4, 2018, 3:09pm

Hey,

you need to merge those two into one entry

xpack.notification.email:
  default_account: team1
  account:
  team1:
    ...
  team2:
  ...
  gmail_account:
  ...

Second, logfiles or the output of the watch execution API would help.

Hope this helps!

--Alex

cedric1 · April 5, 2018, 2:53pm

Hi Alex an thank you for your answer,

Here is what I added in my elasticsearch.yml file.
This is the first and only modification a added from the orginal file :

xpack.notification.email.account:
        smtp_account:
                 profile: standard
                 email_defaults:
                 from: 'Xpack Alerting'
                 bcc: xxxxx@xxx.fr
        smtp:
                 auth: false
                 starttls.enable: false
                 host: smtp.xxxx
                 port: 25
                 user: user@xxxx.fr
                 password: 1111111

Since I added those lines Elastic server does not restart.

Is it possible to have a sample elasticsearch.yml file that include a sample of thoses two sections
xpack.notification.email
and
xpack.notification.email.account:

Best regards,

spinscale · April 5, 2018, 3:11pm

please start putting your configuration in proper code formatting blocks, so one can also see the indentation.

Also, if Elasticsearch does not start anymore, the full error message would helpful.

Thank you!

cedric1 · April 6, 2018, 8:55am

Thank you spinscale for your answer,

I think it could be useful to have a full sample, for example, commented in the default elasticserach.yml file.
Maybe in the future...

Thanks

cedric1 · April 18, 2018, 1:47pm

Hi Spinscale,

Here is the (almost) full error message, hope this will help,
First part

 Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2018-04-18 14:54:29 CEST; 2s ago
         Docs: http://www.elastic.co
      Process: 6456 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
     Main PID: 6456 (code=exited, status=1/FAILURE)

    Apr 18 14:54:24 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: Started Elasticsearch.
    Apr 18 14:54:24 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: Starting Elasticsearch...
    Apr 18 14:54:29 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
    Apr 18 14:54:29 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: Unit elasticsearch.service entered failed state.
    Apr 18 14:54:29 elkxpack-D5de10.hdpedd-001541-dev.yyy.cloud.xxx.com systemd[1]: elasticsearch.service failed.

Second part

 [2018-04-18T14:54:29,232][ERROR][o.e.b.Bootstrap          ] Exception
    java.lang.IllegalArgumentException: unknown setting [watcher.actions.email.service.account.work.email_defaults.bcc] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
            at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:346) ~[elasticsearch-6.2.3.jar:6.2.3]
            at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:310) ~[elasticsearch-6.2.3.jar:6.2.3]
            at 
...
            at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.2.3.jar:6.2.3]
            at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.2.3.jar:6.2.3]
            at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.2.3.jar:6.2.3]
            at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.2.3.jar:6.2.3]
            at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.2.3.jar:6.2.3]

And here is what we finally add in the elasticsearch.yml file:

watcher.actions.email.service.account:
    work:
        profile: standard
        email_defaults:
            from: 'ELK-XPack Watcher'
            bcc: B.xxx@xxxx.com
        smtp:
            auth: false
            starttls.enable: false
            host: xxx.test
            port: 10

Thank you in advance!

spinscale · April 18, 2018, 2:53pm

the settings prefixed with watcher are for an older version of elasticsearch, before version 5.x, from then on you need a xpack.notification.email prefix.

See https://www.elastic.co/guide/en/elasticsearch/reference/6.2/notification-settings.html#email-notification-settings

cedric1 · April 24, 2018, 9:33am

Hi Spinscale,

Thank you! Your answer helped us to understand what we were doing wrong,
And I wouldn't have figure it out from the documentation.

So here is finally a full sample that works in our case :

xpack.notification.email.account:
   mail1:
    profile: standard
    smtp.host: xxxxx.ZZZZZZZ
    smtp.port: 25
    smtp.auth: false
    smtp.starttls.enable: false

spinscale · April 24, 2018, 10:49am

glad you got it working. Is there anything we can do to improve the docs further? We have that header telling that things are different at the top like here - is there any reason you stumbled on the 2.4 docs and not on the current ones? Maybe we can try to fix that in the future. Thankful for any input there!

cedric1 · April 25, 2018, 8:30am

The use of the 2.4 documentation is an error on our part, but even when I first used the 6.4 documentation I wasn't able to use it.

In my opinion the best way to improve documentation would be, to add some small snippets in the documentation or directly commented in elasticsearch.yml file !

Regards,

system · May 23, 2018, 8:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher: multiple email accounts Elasticsearch elastic-stack-alerting	6	969	June 5, 2018
Elacticsearch.yml CLOUD Elasticsearch elastic-stack-alerting	6	395	June 29, 2018
Error when configure email account elasticseach.yml - Elastic Cloud Elasticsearch elastic-stack-alerting	4	1094	February 5, 2021
Missing required email account setting for account Elasticsearch elastic-stack-alerting	2	735	January 9, 2019
Error Configuring Email for Watcher Kibana 7.3.2 Kibana elastic-stack-alerting	4	390	March 25, 2021

Elasticsearch.yml notification config

Related topics