Kibana 6.2 reporting failing due to maximum number of retries


(Jay Dhillon) #1

Every time there are more than 50+ events found by Watcher, the email alert fails due to the Kibana PDF report.

Receiving error:

Watch[Report15m] reporting[report.pdf]: Aborting due to maximum number of retries hit [6]"

Also, the Watcher trigger doesn't attach the full JSON file for every event, but only the below:
{
  "ctx" : {
    "metadata" : {
      "color" : "red",
      "xpack" : {
        "type" : "json"
      }
    },
    "watch_id" : "Report15m",
    "payload" : {
      "_shards" : {
        "total" : 5,
        "failed" : 0,
        "successful" : 5,
        "skipped" : 0
      },
      "hits" : {
        "hits" : [ ],
        "total" : 16,
        "max_score" : 0.0
      },
      "took" : 1,
      "timed_out" : false
    },
    "id" : "Report15m_bd48e163-9181-4eee-ad3b-5c1d5d706584-2018-02-23T18:37:33.622Z",
    "trigger" : {
      "triggered_time" : "2018-02-23T18:37:33.622Z",
      "scheduled_time" : "2018-02-23T18:37:33.130Z"
    },
    "vars" : { },
    "execution_time" : "2018-02-23T18:37:33.622Z"
  }
}

Parameter used inside attachments:

"Raw Data": {
  "data": {
    "format": "json"
  }
},

The transform field includes the below:

"transform": {
  "search": {
    "request": {
      "search_type": "query_then_fetch",
      "indices": [
        "Indices"
      ],
      "types": [],
      "body": {
        "query": {
          "match": {
            "identity.authorization.action": "Error*"
          },
          "range": {
            "@timestamp": {
              "gte": "now-2m"
            }
          }
        }
      }
    }
  }
}


(Nathan Reese) #2

I would recommend increasing the worker timeout. Try setting xpack.reporting.queue.timeout in kibana.yml to 120000.

https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html


(Jay Dhillon) #3

Thanks for your input. The suggested parameter didn't seem to do the trick. Found the "retries" parameter for the PDF report and set it to 12 tries, which seems to work now.

Furthermore, any suggestions on why the attached JSON file is not attaching the JSON for every event?

