How to use Elasticsearch delete_by_query API's in watcher webhook. Its failing on Authentication

Hi Team,
I am using delete_by_query in elasticsearch watcher action as webhook as below.

"actions": {
    "my_api": {
      "webhook": {
        "scheme": "https",
        "host": "130.8.1.198",
        "port": 9200,
        "method": "POST",
        "path": "/search-my-index-*/_delete_by_query",
        "body": """{"query": {"terms":{ "url":[{{ctx.payload._value}}] }}}"""
        "headers": {
              "Authenticate": "Bearer Zwabdhrifssr45kedhlgnhrbdlkg"
      }
    }
  }
  }

But when executing it shows below error

"body": "{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/search-my-index-*/_delete_by_query]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/search-my-index-*/_delete_by_query]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}"
          }

Note: The index is created using elastic web crawler.

Please let me know, watcher doesn't work like devtool? do we need to give username and password?

Hello @Disha_Bodade,

The auth attribute in the webhook action is not required, as you can read here, but if it makes sense, basic authentication is supported.

Make sure that "require authentication" is not enabled. If it is, you must provide a username and password for login-type authentication.

IMG_13041536×1660 189 KB

Note: I noticed that there is a missing comma (",") after the "body" field. Please try to correct that as well and resend the request.

Hope this helps!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.