Email alerting

Elastic Stack Elasticsearch
1

I was trying to set the email alerting according to the official doc.
The configuration for email has been set up successfully.
Here is my code segment.

POST _xpack/watcher/watches/email_test
{
  "trigger" : {
    "schedule" : {
      "interval" : "1m"
    }
  },
  "actions" : {
    "email_admin" : {
      "email" : {
        "to" : "username@mail.com",
        "subject" : "Error Monitoring Report",
        "priority" : "high"
      }
    }
  }
}

But it shows,
No handler found for uri [/_xpack/watcher/watches/email_test] and method [POST]

My version is 6.2.1

2

Have you installed the x-pack plugin on all nodes of your cluster?

3

I think so, cuz the slack alerting works.

4

misread your first line, you need to use PUT _xpack/watcher/watch/email_test (not the plural)

5

Thank you so much, I got that working.

One more question, if I want to customize the "from" name of the alerting, am I supposed to do like this?

PUT _xpack/watcher/watch/email_test
{
  "trigger" : {
    "schedule" : {
      "interval" : "1m"
    }
  },
  "actions" : {
    "email_admin" : {
      "email" : {
        "from" : "Symantec Alerting"
        "to" : "username@mail.com",
        "subject" : "Error Monitoring Report",
        "priority" : "high"
      }
    }
  }
}
6

I was trying to delete my previous watch and set a new one called countAuth

PUT _xpack/watcher/watch/countAuth
{
  "trigger" : {
    "schedule" : {
      "interval" : "1m"
    }
  },
  "actions" : {
    "email_admin" : {
      "email" : {
        "from" : "Symantec Alerting"
        "to" : "echowu720@gmail.com",
        "subject" : "Error Monitoring Report",
        "priority" : "high"
      }
    }
  }
}

But the response shows

{
  "error": {
    "root_cause": [
      {
        "type": "i_o_exception",
        "reason": "could not parse watch [countAuth]"
      }
    ],
    "type": "i_o_exception",
    "reason": "could not parse watch [countAuth]",
    "caused_by": {
      "type": "json_parse_exception",
      "reason": "Unexpected character ('\"' (code 34)): was expecting comma to separate Object entries\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@1636a0f4; line: 11, column: 10]"
    }
  },
  "status": 500
}
7

missing comma at the end of from

8

Hi,

I was trying to customize the "from" name by below,

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "none": {}
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "from": "Symantec Alerting",
        "priority": "high",
        "to": [
          "echowu720@gmail.com"
        ],
        "subject": "Error Monitoring Report"
      }
    }
  }
}

But it seems the "from" field could only be a valid email address, not the customized name for displaying in email notification.

If I put "Symantec Alerting" there, it will throw the error that "Local address contains control or whitespace".

9

You can use something like Firstname Lastname <firstname.lastname@example.org>, see https://www.elastic.co/guide/en/x-pack/6.2/actions-email.html#email-address

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.