Mailing dashborad as PDF using Watcher

Hi All,

I created a dashboard in Kibana and trying to set up a watcher that should send the dashboard as PDF to an email address periodically.

My watcher json is as below:

{
  "trigger": {
    "schedule": {
      "cron": "0 0 12 * * ?"
    }
  },
  "input": {
    "none": {}
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "email_report": {
      "email": {
        "profile": "standard",
        "attachments": {
          "dashboard_report.pdf": {
            "reporting": {
              "url": "https://abc.cde.com:5606/tvelk/api/reporting/generate/printablePdfV2?jobParams=%28browserTimezone%3AAmerica%2FNew_York%2Clayout%3A%28dimensions%3A%28height%3A847.9861450195312%2Cwidth%3A2114.444580078125%29%2Cid%3Apreserve_layout%29%2ClocatorParams%3A%21%28%28id%3ADASHBOARD_APP_LOCATOR%2Cparams%3A%28dashboardId%3A%2791526f50-bd8a-11ef-bc85-d5d6dd51779a%27%2CpreserveSavedFilters%3A%21t%2CtimeRange%3A%28from%3Anow-7d%2Fd%2Cto%3Anow%29%2CuseHash%3A%21f%2CviewMode%3Aview%29%29%29%2CobjectType%3Adashboard%2Ctitle%3A%27Audit%20Dashboard%27%2Cversion%3A%278.7.0%27%29"
            }
          }
        },
        "to": [
          "xyz.abc@efg.com"
        ],
        "subject": "Dashboard Report"
      }
    }
  }
}

When I try to simulate and run the report I get the following error in elasticsearch log:

[2024-12-24T09:37:08,078][WARN ][o.e.c.s.DiagnosticTrustManager] [abc-dd-efg] failed to establish trust with server at [abc-dd-efg]; the server provided a certificate with subject name [CN=Elastic Certificate Tool Autogenerated CA], fingerprint [7c5674fc342fdfd54d65b7920ace706130841c6d], no keyUsage and no extendedKeyUsage; the certificate is valid between [2023-09-15T00:46:18Z] and [2026-09-14T00:46:18Z] (current time is [2024-12-24T14:37:08.078854884Z], certificate dates are valid); the session uses cipher suite [TLS_AES_256_GCM_SHA384] and protocol [TLSv1.3]; the certificate does not have any subject alternative names; the certificate is self-issued; the [CN=Elastic Certificate Tool Autogenerated CA] certificate is not trusted in this ssl context ([(shared) (with trust configuration: JDK-trusted-certs)])

I am using self-signed certs in my setup. I tried to disable ssl verification to false in Kibana as follows but it still did not work:

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none

Can a workaround please be suggested?

We have a platinum license on ELK stack 8.7

Hi @zaeemmasood

Since you have platinum you can always open a support ticket.

That is not the correct setting, that is for Kibana connecting to Elasticsearch.

What you / watcher is doing is Elasticsearch Connecting to Kibana

Please look here

The settings need to be put in the elasticsearch.yml

You either need to set

xpack.http.ssl.verification_mode: none

or provide the path to the CA for the Kibana HTTPS

xpack.http.ssl.certificate_authorities

Thanks.

After I set xpack.http.ssl.verification_mode: none in elasticsearch.yml the following is seen (401 Unauthorized):

[2024-12-24T13:41:09,247][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [ab-cde-fgho] failed to execute action [_inlined_/email_report]
org.elasticsearch.ElasticsearchException: Watch[_inlined_] reporting[dashboard_report.pdf] Error response when trying to trigger reporting generation host[ab-cde-fgho], port[5606] method[POST], path[/cvelk/api/reporting/generate/printablePdfV2], response[status=[401], headers=[[kbn-license-sig: [af1aaabe55301e51c0f8dc4d5141236f17597e67383b65be593e02a1f1b31d16]], [content-type: [application/json; charset=utf-8]], [content-security-policy: [script-src 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self']], [content-length: [66]], [kbn-name: [ab-cde-fgho]], [referrer-policy: [no-referrer-when-downgrade]], [connection: [keep-alive]], [cross-origin-opener-policy: [same-origin]], [keep-alive: [timeout=120]], [x-content-type-options: [nosniff]], [date: [Tue, 24 Dec 2024 18:41:09 GMT]], [cache-control: [private, no-cache, no-store, must-revalidate]]], body=[{"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}]]
        at org.elasticsearch.xpack.watcher.notification.email.attachment.ReportingAttachmentParser.requestReportGeneration(ReportingAttachmentParser.java:335) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.attachment.ReportingAttachmentParser.toAttachment(ReportingAttachmentParser.java:191) ~[?:?]
        at org.elasticsearch.xpack.watcher.notification.email.attachment.ReportingAttachmentParser.toAttachment(ReportingAttachmentParser.java:53) ~[?:?]
        at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:73) ~[?:?]
        at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:175) ~[?:?]
        at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:560) ~[?:?]
        at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:342) ~[?:?]
        at org.elasticsearch.xpack.watcher.transport.actions.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:193) ~[?:?]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) ~[elasticsearch-8.7.0.jar:?]
        at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:666) ~[?:?]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:891) ~[elasticsearch-8.7.0.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[?:?]
        at java.lang.Thread.run(Thread.java:1589) ~[?:?]


Please guide.

Thanks

Well, now you need to provide credentials to generate the report.... The 401 is not authorized.

Perhaps refer to the documentation which shows an example

Thanks. I added the following in elasticsearch.yml:

xpack.notification.email.account:
     outlook_account:
         profile: outlook
         smtp:
             auth: true
             starttls.enable: true
             host: prelay.abc.def.net
             port: 25
             user: aa.bb@tif.com

After that I created the following watcher json:

{
  "trigger": {
    "schedule": {
      "interval": "1h"
    }
  },
  "input": {
    "none": {}
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "attachments": {
          "dash_report.pdf": {
            "reporting": {
              "url": "https://ab.cdf.eft:5606/tvelk/api/reporting/generate/printablePdfV2?jobParams=%28browserTimezone%3AUS%2FEastern%2Clayout%3A%28dimensions%3A%28height%3A427.98614501953125%2Cwidth%3A2133.33349609375%29%2Cid%3Apreserve_layout%29%2ClocatorParams%3A%21%28%28id%3ADASHBOARD_APP_LOCATOR%2Cparams%3A%28dashboardId%3A%279fcea110-c178-11ef-8072-6915c99bf728%27%2CpreserveSavedFilters%3A%21t%2CtimeRange%3A%28from%3Anow-15m%2Cto%3Anow%29%2CuseHash%3A%21f%2CviewMode%3Aview%29%29%29%2CobjectType%3Adashboard%2Ctitle%3A%27Audit%20test%27%2Cversion%3A%278.7.0%27%29",
              "retries": 40,
              "interval": "15s",
              "auth": {
                "basic": {
                  "username": "kib_admin",
                  "password": "::es_redacted::"
                }
              }
            }
          }
        },
        "to": [
          "'Recipient Name <ee.od@tif.com>'"
        ],
        "subject": "Monthly dashboard Report"
      }
    }
  }
}

When I run it now I get the following:

image

Please guide. Note that I have intentionally changed certain parameters (hostname etc) to maintain privacy.

Thanks

You have to put in the password each time

Even if it takes it once, you need to set it every time

So first time I took your exact json above and changed the password to

"password": "mypassword"

I save it .. it works fine...

If then I edit it it comes back with

"password": "::es_redacted::"

If you save it like that you will get the error you got above

but if you put in an actual password it will work.

"password": "mypassword"

It will then save fine

If you want to simulate you need to put the valid password in, leave it there and then simulate...