How can I check the status of an email from a watch

Elastic Stack Elasticsearch
1

Running ES 5.6 .

Trying to setup the watch below but not receiving any email. How can I check the status of the email? I don't see anything in the logs. The watch is monitoring that the cluster is in a green state. Do you see anything wrong with the watch?

PUT _xpack/watcher/watch/cluster_health_watch
{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"http" : {
"request" : {
"host" : "master_node",
"port" : 9200,
"path" : "/_cluster/health"
}
}
},
"condition" : {
"compare" : {
"ctx.payload.status" : { "eq" : "green" }
}
},
"actions" : {
"send_email" : {
"email" : {
"to" : "email_address" "@mydomain.com",
"subject" : "Cluster Status Warning",
"body" : "Cluster status is GREEN"
}
}
}
}

my yml file looks like this:

cluster.name: istunixes
node.name: <master_node>
path.conf: /etc/elasticsearch
path.data: /data/elasticsearch
path.repo: ["/mount/backups/esbackup"]
#path.work: /tmp/elasticsearch
path.logs: /var/log/elasticsearch
#path.plugins: /usr/share/elasticsearch/plugins
network.bind_host: 0.0.0.0
network.publish_host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "/.*/"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
#action.disable_delete_all_indices: true
#bootstrap.mlockall: false
#gateway.type: local
discovery.zen.ping.unicast.hosts:
action.auto_create_index: true
#script.disable_dynamic: True
#shield.audit.enabled: true
#shield.audit.outputs: logfile
#shield.authc:

realms:

default:

type: esusers

order: 0

node.data: false
node.master: true
#node.size: none
discovery.zen.minimum_master_nodes: 2
#cluster.routing.allocation.cluster_concurrent_rebalance: 5
#cluster.routing.allocation.cluster_concurrent_recoveries: 5
#index.unassigned.node_left.delayed_timeout: 5m

x pack settings

xpack.security.enabled: true
xpack.monitoring.enabled: true
xpack.graph.enabled: true
xpack.watcher.enabled: true
xpack.notification.email.account:
exchange_account:
profile: outlook
email_defaults:
from:
smtp:
auth: true
starttls.enable: true
host:
port: 587
user: xxxx
password: xxxx

2

Hey,

please take the time to properly format your emails. You can use markdown here and it supports awesome code formatting. This will make it much easier for other to check out your code samples and also have correct indendation. Thank you.

Every watch execution creates a so-called history record which shows if any error has occured. You can either query the watch history or simply run the Execute Watch API. Then put the output into a pastebin and refer to it over here in order to take a further look.

I also highly encourage you to read this blog post about watch debugging as it will probably save you hours down the road debugging issues.

--Alex

4

Thank you Alexander, will fix my posts in the future. Here it the error I'm receiving when I try to send email

"execution_time": "2019-05-08T16:51:41.896Z",
"execution_duration": 2,
"input": {
  "type": "http",
  "status": "success",
  "payload": {
    "_headers": {
      "www-authenticate": [
        "Basic realm=\"security\" charset=\"UTF-8\""
      ],
      "content-length": [
        "399"
      ],
      "content-type": [
        "application/json; charset=UTF-8"
      ]
    },
    "error": {
      "root_cause": [
        {
          "type": "security_exception",
          "reason": "missing authentication token for REST request [/_cluster/health]",
          "header": {
            "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
          }
        }
      ],
      "type": "security_exception",
      "reason": "missing authentication token for REST request [/_cluster/health]",
      "header": {
        "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
      }
    },
    "_status_code": 401,
    "status": 401
  }, spaces
5

Taking a look at the output, there is an error message telling you about a missing authentication token. In order to connect to the Elasticsearch node, you need to specify a username and a password.

7 
    xpack.notification.email.account:
  exchange_account:
    profile: "my profile"
    email_defaults:
      from: "email account
    smtp:
      auth: true
      starttls.enable: true
      host: smtp.mydomain.com
      port: 25
      user: "email account"
      password: "password"

Resolved by changing my server and port information above. Thanks for your help. Better formatting, right? :slight_smile: