Kibana 6.2 reporting failing due maximum number of retries

Jay.Dhillon · February 23, 2018, 7:01pm

Everytime there is more than 50+ events found by watcher the email alert fails due to Kibana PDF report.

Receiving error:

Watch[Report15m] reporting[report.pdf]: Aborting due to maximum number of retries hit [6]"

Also Watcher trigger doesn't attach full JSON file for every event but only below:
{
"ctx" : {
"metadata" : {
"color" : "red",
"xpack" : {
"type" : "json"
}
},
"watch_id" : "Report15m",
"payload" : {
"_shards" : {
"total" : 5,
"failed" : 0,
"successful" : 5,
"skipped" : 0
},
"hits" : {
"hits" : [ ],
"total" : 16,
"max_score" : 0.0
},
"took" : 1,
"timed_out" : false
},
"id" : "Report15m_bd48e163-9181-4eee-ad3b-5c1d5d706584-2018-02-23T18:37:33.622Z",
"trigger" : {
"triggered_time" : "2018-02-23T18:37:33.622Z",
"scheduled_time" : "2018-02-23T18:37:33.130Z"
},
"vars" : { },
"execution_time" : "2018-02-23T18:37:33.622Z"
}
}

Parameter used inside attachments:

"Raw Data": {
"data": {
"format": "json"
}
},

Transform field includes below:

"transform": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"Indices"
],
"types": [],
"body": {
"query": {
"match": {
"identity.authorization.action": "Error*"
},
"range": {
"@timestamp": {
"gte": "now-2m"
}
}
}
}
}
}
}

Nathan_Reese · February 23, 2018, 7:27pm

I would recommend increasing the worker timeout. Try setting xpack.reporting.queue.timeout in kibana.yml to 120000.

https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html

Jay.Dhillon · February 23, 2018, 8:38pm

Thanks for your input. Suggested parameter didn't seems to do the trick. Found ""retries":" parameter for PDF report and set to 12 tries which seems to work now.

Furthermore, Any suggestions on why attached JSON file not attaching JSON file for every event?

system · March 23, 2018, 8:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.