Error in executing Groovy script in Watcher (Elasticsearch 6.3.1)


I am getting below error when trying to execute Groovy script from Watcher.
(Working on ElasticSearch 6.3.1 version):
{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "unable to put stored script with unsupported lang [groovy]"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "unable to put stored script with unsupported lang [groovy]"
  },
  "status": 400
}

Just to mention, I have tried following changes in elasticsearch.yml but none is working:
script.inline: on
script.indexed: on
script.engine.groovy.inline: on
script.engine.groovy.inline.aggs: on

Can anyone suggest what I am missing?
Is there any Groovy plugin for elasticsearch 6.3.1 version (I have read that Groovy plugin is not supported after 1.3 version when it was made the default language but it was removed after Painless script came).


Painless was introduced in 5.0, where groovy existed as an additional scripting language.

From 6.0 onwards groovy was removed as a scripting language as painless is more secure and much faster. This means in order to run watches on 6.x you need to replace groovy with painless scripts.

Hope this helps!


Okay, but as I have read the documentation it says Groovy, Javascript, perl are also supported by elasticsearch and painless is the default one. Correct me if I am wrong.

Also, if we can't use Groovy can you please tell how can we connect to database through painless script? I have tried with Groovy but there is not enough info about painless how to connect with database.


Which documentation are you referring to? Is it possible this is still 5.x documentation you are reading? If not, we have to fix it, so any pointers would be appreciated.

You cannot use painless to connect to a database, it is meant to be a scripting language, running as fast as possible, which means the data it needs to access has to be local and due to security reasons no network calls are allowed.

At the moment I can't find the exact documentation, but here is one of the links that points out (does not confirm Groovy/Javascript) we can use other languages.

I am struggling with the below business requirement, please guide if possible:

I have to read logs generated by an app for failed transactions and subsequently notify corresponding merchant (via email) for the failure.
Now, the problem is merchant email IDs are stored in a MySQL database, so they are not accessible. I think storing the email IDs in Elasticsearch can solve the issue, but would it be right to store this data in Elasticsearch and, if yes, how do I access it in the watcher action component?
Also, how can I manage the data in elasticsearch if there is Update/Insert/Delete in source.

Any help would be appreciated.

The above link contains the scripting languages currently supported by Elasticsearch. Other languages can be hooked into, but that needs a plugin to be written for it, which needs to be maintained (which is not part of Elasticsearch).

You could store the email address as part of the watch, so it is always available. A watch can have something called metadata, where this could be stored.

The same rules of syncing data applies to email addresses like any other of your data. If your primary data store has a deletion going on you need to sync this with Elasticsearch.

There can be millions of email addresses, so how can I load them into the metadata of the watcher?

I thought we are only talking about a few. I still have not fully understood the use-case then. When you query for data, how do you find out the proper email address belonging to an alert? You could use a chained input, that first queries for your data and then queries for the user's email - but this depends a lot on how your data is modelled, but would work in principle.

The business requirement is that I have to read the log files generated by the application. They will contain the error message and the merchant id; based on this merchant id I will look for the contact email address and send them a notification.
Currently these email addresses (around 2 million) are stored in a database table, so how can I move them to watcher or elasticsearch and manage them if there is any change in the source?
Also, how can I search email id for a particular merchant (which I will get from logs) in elasticsearch or watcher?

The easiest solution (maybe not the best) I see to this would be to index the merchant's email address along with the event. This way you always have access to it.

However be aware that an email action can only send one email per watch execution, so you cannot loop over the results of a query and then send an email for each.

Have you thought about decoupling the sending of email from finding it? For example gather the merchant ids inside of your watch (with an aggregation in your query) and then send off to another component, that maps back to email addresses and is also doing the sending of emails.
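
The decoupled design suggested above, as an added example that is not part of the original thread: a watch body (for the put watch API on 6.x) that aggregates merchant ids from failed transactions and hands them to a separate mailer service through a webhook, with a Painless transform replacing what a Groovy script would have done. The index pattern, field names (`status`, `merchant_id`, `@timestamp`) and the webhook host, port and path are assumptions.

```json
{
  "metadata": {
    "note": "Added example: index pattern, field names and webhook target are assumptions"
  },
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["app-logs-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "status": "failed" } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          },
          "aggs": {
            "merchants": { "terms": { "field": "merchant_id", "size": 1000 } }
          }
        }
      }
    }
  },
  "condition": { "compare": { "ctx.payload.hits.total": { "gt": 0 } } },
  "actions": {
    "notify_mailer": {
      "transform": {
        "script": {
          "lang": "painless",
          "source": "return ['merchant_ids': ctx.payload.aggregations.merchants.buckets.stream().map(b -> b.key).collect(Collectors.toList())]"
        }
      },
      "webhook": {
        "scheme": "https",
        "host": "mailer.internal.example",
        "port": 8443,
        "method": "post",
        "path": "/notify-merchants",
        "headers": { "Content-Type": "application/json" },
        "body": "{{#toJson}}ctx.payload{{/toJson}}"
      }
    }
  }
}
```

The Painless script only reshapes data already in the watch payload; the database lookup and the per-merchant emails happen in the receiving service, outside Elasticsearch.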

Yes, if it is not possible to map the merchant id with email address inside watcher then we can collect IDs and send email separately. Can you please suggest what would integrate best with watcher?

Is it possible to connect database with watcher? Is there any plug in available?
