Hi All,
I created a dashboard in Kibana and trying to set up a watcher that should send the dashboard as PDF to an email address periodically.
My watcher json is as below:
{
"trigger": {
"schedule": {
"cron": "0 0 12 * * ?"
}
},
"input": {
"none": {}
},
"condition": {
"always": {}
},
"actions": {
"email_report": {
"email": {
"profile": "standard",
"attachments": {
"dashboard_report.pdf": {
"reporting": {
"url": "https://abc.cde.com:5606/tvelk/api/reporting/generate/printablePdfV2?jobParams=%28browserTimezone%3AAmerica%2FNew_York%2Clayout%3A%28dimensions%3A%28height%3A847.9861450195312%2Cwidth%3A2114.444580078125%29%2Cid%3Apreserve_layout%29%2ClocatorParams%3A%21%28%28id%3ADASHBOARD_APP_LOCATOR%2Cparams%3A%28dashboardId%3A%2791526f50-bd8a-11ef-bc85-d5d6dd51779a%27%2CpreserveSavedFilters%3A%21t%2CtimeRange%3A%28from%3Anow-7d%2Fd%2Cto%3Anow%29%2CuseHash%3A%21f%2CviewMode%3Aview%29%29%29%2CobjectType%3Adashboard%2Ctitle%3A%27Audit%20Dashboard%27%2Cversion%3A%278.7.0%27%29"
}
}
},
"to": [
"xyz.abc@efg.com"
],
"subject": "Dashboard Report"
}
}
}
}
When I try to simulate and run the report I get the following error in elasticsearch log:
[2024-12-24T09:37:08,078][WARN ][o.e.c.s.DiagnosticTrustManager] [abc-dd-efg] failed to establish trust with server at [abc-dd-efg]; the server provided a certificate with subject name [CN=Elastic Certificate Tool Autogenerated CA], fingerprint [7c5674fc342fdfd54d65b7920ace706130841c6d], no keyUsage and no extendedKeyUsage; the certificate is valid between [2023-09-15T00:46:18Z] and [2026-09-14T00:46:18Z] (current time is [2024-12-24T14:37:08.078854884Z], certificate dates are valid); the session uses cipher suite [TLS_AES_256_GCM_SHA384] and protocol [TLSv1.3]; the certificate does not have any subject alternative names; the certificate is self-issued; the [CN=Elastic Certificate Tool Autogenerated CA] certificate is not trusted in this ssl context ([(shared) (with trust configuration: JDK-trusted-certs)])
I am using self-signed certs in my setup. I tried to disable ssl verification to false in Kibana as follows but it still did not work:
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none
Can a workaround please be suggested?
We have a platinum license on ELK stack 8.7
stephenb
(Stephen Brown)
December 24, 2024, 6:18pm
2
Hi @zaeemmasood
Since you have platinum you can always open a support ticket.
That is not the correct setting, that is for Kibana connecting to Elasticsearch.
What you / watcher is doing is Elasticsearch Connecting to Kibana
Please look here
The settings need to be put in the elasticsearch.yml
You either need to set
xpack.http.ssl.verification_mode: none
or provide the path to the CA for the Kibana HTTPS
xpack.http.ssl.certificate_authorities
Thanks.
After I set xpack.http.ssl.verification_mode: none
in elasticsearch.yml the following is seen (401 Unauthorized):
[2024-12-24T13:41:09,247][ERROR][o.e.x.w.a.e.ExecutableEmailAction] [ab-cde-fgho] failed to execute action [_inlined_/email_report]
org.elasticsearch.ElasticsearchException: Watch[_inlined_] reporting[dashboard_report.pdf] Error response when trying to trigger reporting generation host[ab-cde-fgho], port[5606] method[POST], path[/cvelk/api/reporting/generate/printablePdfV2], response[status=[401], headers=[[kbn-license-sig: [af1aaabe55301e51c0f8dc4d5141236f17597e67383b65be593e02a1f1b31d16]], [content-type: [application/json; charset=utf-8]], [content-security-policy: [script-src 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self']], [content-length: [66]], [kbn-name: [ab-cde-fgho]], [referrer-policy: [no-referrer-when-downgrade]], [connection: [keep-alive]], [cross-origin-opener-policy: [same-origin]], [keep-alive: [timeout=120]], [x-content-type-options: [nosniff]], [date: [Tue, 24 Dec 2024 18:41:09 GMT]], [cache-control: [private, no-cache, no-store, must-revalidate]]], body=[{"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}]]
at org.elasticsearch.xpack.watcher.notification.email.attachment.ReportingAttachmentParser.requestReportGeneration(ReportingAttachmentParser.java:335) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.attachment.ReportingAttachmentParser.toAttachment(ReportingAttachmentParser.java:191) ~[?:?]
at org.elasticsearch.xpack.watcher.notification.email.attachment.ReportingAttachmentParser.toAttachment(ReportingAttachmentParser.java:53) ~[?:?]
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:73) ~[?:?]
at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:175) ~[?:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:560) ~[?:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:342) ~[?:?]
at org.elasticsearch.xpack.watcher.transport.actions.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:193) ~[?:?]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) ~[elasticsearch-8.7.0.jar:?]
at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:666) ~[?:?]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:891) ~[elasticsearch-8.7.0.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[?:?]
at java.lang.Thread.run(Thread.java:1589) ~[?:?]
Please guide.
Thanks
stephenb
(Stephen Brown)
December 24, 2024, 7:01pm
4
Well, now you need to provide credentials to generate the report.... The 401 is not authorized.
Perhaps refer to the documentation which shows an example
Thanks. I added the following in elasticsearch.yml:
xpack.notification.email.account:
outlook_account:
profile: outlook
smtp:
auth: true
starttls.enable: true
host: prelay.abc.def.net
port: 25
user: aa.bb@tif.com
After that I created the following watcher json:
{
"trigger": {
"schedule": {
"interval": "1h"
}
},
"input": {
"none": {}
},
"condition": {
"always": {}
},
"actions": {
"email_admin": {
"email": {
"profile": "standard",
"attachments": {
"dash_report.pdf": {
"reporting": {
"url": "https://ab.cdf.eft:5606/tvelk/api/reporting/generate/printablePdfV2?jobParams=%28browserTimezone%3AUS%2FEastern%2Clayout%3A%28dimensions%3A%28height%3A427.98614501953125%2Cwidth%3A2133.33349609375%29%2Cid%3Apreserve_layout%29%2ClocatorParams%3A%21%28%28id%3ADASHBOARD_APP_LOCATOR%2Cparams%3A%28dashboardId%3A%279fcea110-c178-11ef-8072-6915c99bf728%27%2CpreserveSavedFilters%3A%21t%2CtimeRange%3A%28from%3Anow-15m%2Cto%3Anow%29%2CuseHash%3A%21f%2CviewMode%3Aview%29%29%29%2CobjectType%3Adashboard%2Ctitle%3A%27Audit%20test%27%2Cversion%3A%278.7.0%27%29",
"retries": 40,
"interval": "15s",
"auth": {
"basic": {
"username": "kib_admin",
"password": "::es_redacted::"
}
}
}
}
},
"to": [
"'Recipient Name <ee.od@tif.com>'"
],
"subject": "Monthly dashboard Report"
}
}
}
}
When I run it now I get the following:
Please guide. Note that I have intentionally changed certain parameters (hostname etc) to maintain privacy.
Thanks
stephenb
(Stephen Brown)
December 25, 2024, 6:58am
6
You have to put in the password
each time
Even if it takes it once, you need to set it every time
So first time I took your exact json above and changed the password to
"password": "mypassword"
I save it .. it works fine...
If then I edit it it comes back with
"password": "::es_redacted::"
If you save it like that you will get the error you got above
but if you put in an actual password it will work.
"password": "mypassword"
It will then save fine
If you want to simulate you need to put the valid password in, leave it there and then simulate...