Kibana cluster email alerts

Hi,
I have configured monitoring.cluster_alerts.email_notifications.email_address in kibana.yml

in elasticsearch.yml I am using SES

The SES configuration does not allow me to include a from, ES refuses to start if its configured.

The alert emails are sent using the provided address and the TO and the FROM. This works for some destinations but not all. Specifically it does not seem to work with slack.

Is there a way to configure the From address for the cluster_alerts ?

@mutt13y

The reasons the emails are being picked up as spoofed emails is due to the email address that appears in the from address of the system watcher, is different to the actual email address the server is sending from.

Unfortunately there is no way to modify the built-in monitoring Watches to change the from email address to be different from the to address.

However, there is a (not really recommended) workaround. You can disable monitoring alerts, either entirely or by blacklisting a subset of the built-in alerts (see these docs for setting details) and install modified versions of those SM watches manually, and then replace "from": "X-Pack Admin <{{ctx.vars.email_recipient}}>", with "from": "X-Pack Admin <the_email_it_should_come_from@example.com>",. After which you can also configure your email actions

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.