Issues with sending SMTP

I'm trying to get watcher to send me an email and it's giving me

failed to execute [email] action [my_first_watch_0-2015-05-22T13:45:55.181Z/send_email]. error: cannot find default email account as no accounts have been configured

here is what I'm giving it.

PUT /_watcher/watch/my_first_watch { "trigger" : { "schedule" : { "interval" : "10s"} }, "input" : { "search" : { "request" : { "indices" : "iislog", "body" : { "query" : { "match" : { "cs-method":"error" } } } } } }, "throttle_period" : "2m", "transform" : { "search" : { "indices" : "iislog", "body" : { "query" : { "match": { "cs-method": "error" } } } } }, "actions" : { "send_email" : { "email" : { "to" : <removed>, "subject" : "Isn't this fun?", "body" : "I've never done anything like this before", "attach_data" : true, "priority" : "high"} } } }

Elasticsearch.yml outlook: smtp: auth: true starttls.enable: true host: port: 587 user: <removed> password: <removed>

I've gone through the documentation pretty extensively, did I miss something?

Hi Daniel,

I just ran a quick test with your example... should work fine. Are you sure the elasticsearch.yml is configured correctly. Make sure the configuration is properly indented... should look something like:
      auth: true
      starttls.enable: true
      port: 587
      user: <removed>
      password: <removed>

you can also verify that it using the nodes info API (and see that the proper structure of the watcher settings is returned):

GET _nodes/settings

Hi Daniel,

One other quick question - after entering the watcher SMTP settings, did you restart Elasticsearch? The elasticsearch.yml file is only read on startup.

@uboness : Yes I have things indented properly I just couldn't put spaces in my response here. And my settings look like they're in order.

@skearns : Yes I restarted my elasticsearch after editing the elasticsearch.yml. Do all of the nodes need to have the same elasticsearch.yml for this to work? I am the master node but another coworker has another node and is not here to restart it with an updated config file. If that is the problem then is there a way to remove his node from my instance?
We are working with test data here, so if I have to delete things it's okay.

As watcher runs on the master nodes, the configuration needs to be on all master nodes. So I'd definitely verify that the current master has the configuration. In your case, to detach yourself from the other node, simply shutdown your instance and bring it up again with a new cluster name, e.g.:


Ok, I changed my clustername and it looks like it is proceeding past that error now. Now I'm getting failed to send email with subject [Isnt't this fun?] via account [outlook]. I'm assuming I need to have two stage verfication on and Microsoft's pages are unresponsive at the moment. I'll update again when I can try.

sounds good... looking forward for the update

I fixed my account settings and everything is working as I expect. Thanks for the help!

good to hear... thx for reaching out

Hi @danielmoon / @uboness ,

Good to hear, it worked for you!
I am facing similar issue. Can you please let me know; which account setting you have changed and what are the changes?

I've problems with this configuration

Exception in thread "main" SettingsException[Failed to load settings from [elasticsearch.yml]]; nested: ElasticsearchParseException[malformed, expected end of settings but encountered additional content starting at line number: [102], column number: [1]]; nested: ParserException[expected '', but found BlockMappingStart
in 'reader', line 102, column 1:

I configured like a example but my elasticsearch don't start

I resolved the problem, on the line "" it is necessary a one space, but on the examples dont appears that.