Not able to send email alert from elastic cloud

I am using below console command to send email to my official mail id.
I am using a simple command: if any port is down, it should send an e-mail.

PUT _xpack/watcher/watch/heartbeat
{
  "trigger": {
    "schedule": {
      "interval": "10s"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": ".heartbeat-*",
        "types": "doc",
        "body": {
          "query": {
            "match_all": {}
          }
        }
      }
    }
  },
  "condition": {
    "compare":{
      "ctx.payload.hits.hits._source.up": {
        "eq": "false"
      }
    }
  },
  "actions": {
  "send_email" : { 
    "email": {
      "to": "email Id", 
      "subject": "executed", 
      "body": "message" 
    }
  }
 }
}

I have already whitelisted my email Id in cloud, I got whitelisting confirmation mail and I confirmed for whitelisting.
Still I am not able to send mail.
Please help me for sending mail notification.

Can you paste the output of the Execute Watch API for this watch please?

Thank you!

--Alex

@spinscale, below is the output I am getting.

{
  "_id": "heartbeat",
  "_version": 2078,
  "created": false
} 

It came as below while running it for the first time.

{
  "_id": "heartbeat",
  "_version": 1,
  "created": true
}

This is not the output from the execute watch API. Can you please show what you executed?

Sorry Alex. Below is what I got when I executed the watch API with the command:

POST _xpack/watcher/watch/heartbeat/_execute

{
  "_id": "heartbeat_8a22d41d-f108-4ac6-bb07-ac932480dae5-2017-11-14T15:54:30.560Z",
  "watch_record": {
    "watch_id": "heartbeat",
    "state": "execution_not_needed",
    "status": {
      "state": {
        "active": true,
        "timestamp": "2017-11-14T12:52:48.767Z"
      },
      "last_checked": "2017-11-14T15:54:30.560Z",
      "actions": {
        "send_email": {
          "ack": {
            "timestamp": "2017-11-14T12:52:48.767Z",
            "state": "awaits_successful_execution"
          }
        }
      }
    },
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-11-14T15:54:30.559Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-11-14T15:54:30.559Z"
        }
      }
    },
    "input": {
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            ".heartbeat-*"
          ],
          "types": [
            "doc"
          ],
          "body": {
            "query": {
              "match_all": {}
            }
          }
        }
      }
    },
    "condition": {
      "compare": {
        "ctx.payload.hits.hits._source.up": {
          "eq": "false"
        }
      }
    },
    "result": {
      "execution_time": "2017-11-14T15:54:30.560Z",
      "execution_duration": 1,
      "input": {
        "type": "search",
        "status": "success",
        "payload": {
          "_shards": {
            "total": 0,
            "failed": 0,
            "successful": 0,
            "skipped": 0
          },
          "hits": {
            "hits": [],
            "total": 0,
            "max_score": 0
          },
          "took": 0,
          "timed_out": false
        },
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              ".heartbeat-*"
            ],
            "types": [
              "doc"
            ],
            "body": {
              "query": {
                "match_all": {}
              }
            }
          }
        }
      },
      "condition": {
        "type": "compare",
        "status": "success",
        "met": false,
        "compare": {
          "resolved_values": {
            "ctx.payload.hits.hits._source.up": null
          }
        }
      },
      "actions": []
    },
    "messages": []
  }
}

The important snippet can be found in the result field

"condition": {
        "type": "compare",
        "status": "success",
        "met": false,
        "compare": {
          "resolved_values": {
            "ctx.payload.hits.hits._source.up": null
          }
        }
      },

There is no object that could be resolved to what you specified. The reason for this is, that hits is an array and you would need to specify a certain element like ctx.payload.hits.hits.0._source.up

I still assume this is a test, as you don't use a real query or any filtering... the order of your documents is not guaranteed either using a match_all query.

--Alex

Hi Alex,

Sorry to interrupt you but still no luck :frowning_face:
I added array index 0 in below code:

PUT _xpack/watcher/watch/heartbeat
{
  "trigger": {
    "schedule": {
      "interval": "1h"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": ".heartbeat-*",
        "types": "doc",
        "body": {
          "query": {
            "match_all": {}
          }
        }
      }
    }
  },
  "condition": {
    "compare":{
      "ctx.payload.hits.hits.0._source.up": {
        "eq": "false"
      }
    }
  },
  "actions": {
  "send_email" : { 
    "email": {
      "to": "email Id", 
      "subject": "executed", 
      "body": "message" 
    }
  }
 }
}

I am getting exception while executing:

{
  "_id": "heartbeat_d2cfc343-49f6-48ff-9153-dbaf0be63515-2017-11-15T08:19:18.477Z",
  "watch_record": {
    "watch_id": "heartbeat",
    "state": "failed",
    "status": {
      "state": {
        "active": true,
        "timestamp": "2017-11-15T08:18:55.832Z"
      },
      "actions": {
        "send_email": {
          "ack": {
            "timestamp": "2017-11-15T08:18:55.832Z",
            "state": "awaits_successful_execution"
          }
        }
      }
    },
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2017-11-15T08:19:18.477Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2017-11-15T08:19:18.477Z"
        }
      }
    },
    "input": {
      "search": {
        "request": {
          "search_type": "query_then_fetch",
          "indices": [
            ".heartbeat-*"
          ],
          "types": [
            "doc"
          ],
          "body": {
            "query": {
              "match_all": {}
            }
          }
        }
      }
    },
    "condition": {
      "compare": {
        "ctx.payload.hits.hits.0._source.up": {
          "eq": "false"
        }
      }
    },
    "result": {
      "execution_time": "2017-11-15T08:19:18.477Z",
      "execution_duration": 0,
      "input": {
        "type": "search",
        "status": "success",
        "payload": {
          "_shards": {
            "total": 0,
            "failed": 0,
            "successful": 0,
            "skipped": 0
          },
          "hits": {
            "hits": [],
            "total": 0,
            "max_score": 0
          },
          "took": 0,
          "timed_out": false
        },
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [
              ".heartbeat-*"
            ],
            "types": [
              "doc"
            ],
            "body": {
              "query": {
                "match_all": {}
              }
            }
          }
        }
      },
      "actions": []
    },
    "exception": {
      "type": "index_out_of_bounds_exception",
      "reason": "Index: 0, Size: 0"
    }
  }
}

Hey,

check out your search response (it is included in the execute watch API)

"payload": {
          "_shards": {
            "total": 0,
            "failed": 0,
            "successful": 0,
            "skipped": 0
          },
          "hits": {
            "hits": [],
            "total": 0,
            "max_score": 0
          },
          "took": 0,
          "timed_out": false
        },

There is no hit being returned. Thus you cannot access the hits array without an exception.

Hi Alex,

Is it possible for you to tell me exactly what should I do?

As long as you don't state the use-case you are trying to cover, this is going to be nearly impossible :slight_smile:

Yes Alex.

My use-case is very simple. I want to configure watcher to send email on any particular condition.
I can see data coming from my system via beats (in some case, via logstash) to elastic cloud and I can see it in Kibana as well. And my last and imp task is alert mechanism, which I am not able to implement.
I checked few videos and some basic documents from site but not getting luck to make it work.
:frowning:

This answer does not cover what the condition is you want to trigger, which in turn then would define what the query is you need to execute - this is basically the crucial part of why I was asking.

Your alerting can only be as good as your queries. If your queries are bad, your alerting will be as well - this is why I am insisting so hard to explain your use-case in order to create a useful query.

Does your query answer the questions you have? I would say no, because right now your query simply returns all documents from indices starting with heartbeat. This will make it impossible to come up with a useful condition or an action from my point of view.

Hi Alex,
My first use-case is to send an alert when any of the TCP ports goes down.
In my case I can see there are 2 ports which are down and I want to send an alert for the same.

Hi Alex,
it worked!!
I just removed the dot (.) appended just before the index name.

"input": {
    "search": {
      "request": {
        "indices": "heartbeat-*",
        "types": "doc",
        "body": {
          "query": {
            "match_all": {}
          }
        }
      }
    }
  },

Thank you very much @spinscale for your help! :slight_smile:
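
Added example, not part of the thread and not Elastic's own code: one way to write the body of `PUT _xpack/watcher/watch/heartbeat` for the stated use-case, so that the query selects only down checks and the condition tests the hit count instead of indexing into a possibly empty `hits` array. The `@timestamp` field, the 5-minute interval and window, and the recipient address are assumptions; `up`, `heartbeat-*` and `doc` are taken from the thread.

```json
{
  "metadata": {
    "note": "Added example. Assumes Heartbeat documents carry the boolean 'up' field used in the thread and an '@timestamp' field; interval, time window and recipient are placeholders."
  },
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["heartbeat-*"],
        "types": ["doc"],
        "body": {
          "size": 10,
          "query": {
            "bool": {
              "filter": [
                { "term": { "up": false } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "to": "recipient@example.com",
        "subject": "Heartbeat: {{ctx.payload.hits.total}} down check(s)",
        "body": "{{ctx.payload.hits.total}} Heartbeat documents with up=false since now-5m."
      }
    }
  }
}
```

Running `POST _xpack/watcher/watch/heartbeat/_execute` afterwards shows in `result.condition.met` whether the condition fired, and `result.input.payload.hits.total` shows how many documents the query matched.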
