I'm trying to enable watcher to send email when conditions require an email to be sent. however i'm encounter issues and have been bashing my head against the wall for a while and decided its time to ask for assistance. I'm using an app specific password and i'm 100% confident app security settings in gmail are correct as i'm using this same email address with a different app password to send email from Zabbix and its working.
Below are my elastic user setting overrides. I do not think xpack.watcher.enabled is required but i saw it in an example and gave it a try.
The password is saved in the key store with the setting name of:
xpack.notification.email.account.gmail_account.smtp.secure_password
Below is the error i find in the logging-and-metrics instances after i push the "send test email" after creating a temporary watcher rule.
[2019-12-31T18:33:10,986][ERROR][org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction] [instance-0000000005] failed to execute action [inlined/email_1]
javax.mail.MessagingException: failed to send email with subject [Watch [asf] has exceeded the threshold] via account [work]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:171) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.EmailService.send(EmailService.java:163) ~[?:?]
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:76) ~[?:?]
at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:164) [x-pack-core-7.5.1.jar:7.5.1]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:534) [x-pack-watcher-7.5.1.jar:7.5.1]
On the nodes running docker
root@ELK-ECE-NODE-4:~# telnet smtp.gmail.com 587
Trying 74.125.20.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP c14sm35697244pfn.8 - gsmtp
^]
telnet> quit
However when i tcpdump on the node while snooping for traffic on 587 i see nothing and the above error does not indicate that it is even trying to make a connection.
Ah OK so the clue to what's going on here is javax.mail.MessagingException: failed to send email with subject [Watch [asf] has exceeded the threshold] via account [work]
that tells you that the account it's using to send is work and not gmail_account. The account work is some internal config (which in fact isn't used in ECE)
It looks like you just need to add one extra field to your config:
Ah @Amandeep1 it might be worth opening a new thread for any replies, since this seems like a different problem
The error you are getting indicates that the container hosting ES cannot access smtp.gmail.com:587 - the container does not have outbound filtering, so this almost certainly means whatever network settings you have at the host level is blocking that?
@Amandeep1 as @Alex_Piggott pointed out the issue appears to be network related. Check and make sure your cluster devices are able to resolve smtp.gmail.com and actually connect to gmail over port 587 via telnet. If those tests are successful and you still can't send mail you should start a new thread.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.