Proper Configuration for SMTP Email Action in Watcher?

I've been digging through the forum and the X-Pack Documentation but can't seem to find the right configuration for Watcher to send email through an SMTP connection. The Watch is executing correctly, but it cannot seem to find my configured SMTP email account in the elasticsearch.yml file:

Watch Configuration:

 "actions": {
    "log": {
      "logging": {
        "level": "info",
        "text": "{{ctx.payload.hits.total}} 4634 events have occured in the logs:{{#ctx.payload.hits.hits}}{{_id}}:{{/ctx.payload.hits.hits}}"
      }
    },
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          "ccampbell@convexitycapital.com"
        ],
        "subject": "Test Watch Notification",
        "body": {
          "text": "{{ctx.payload.hits.total}} 4634 events have occured in the logs:{{#ctx.payload.hits.hits}}{{_id}}:{{/ctx.payload.hits.hits}}"
        }
      }
    }
  },

Elasticsearch.yml - relevant configuration:

# -------------  XPack Settings
#
xpack.monitoring.enabled: false
xpack.security.enabled: false
#
xpack.notification.email: 
    default_account: smtp_account
    account: 
        smtp_account:
            profile: standard
            smtp:
                host: smtp.xxxx.com
                user: noc@xxxx.com
                from: ccampbell@xxxx.com

Elasticsearch is running on a Windows 2012 server, the SMTP server is an Exchange server, with no authentication requirements. The error in the Watch execution output is:

{
        "id": "send_email",
        "type": "email",
        "status": "failure",
        "reason": "IllegalArgumentException[no account found for name: [null]]"
}

What am I missing? I've tried adding a line '"account": "smtp_account",' into the Watch, but then I get the error '"IllegalArgumentException[no account found for name: [smtp_account]]"'

Hi,

It seems like your mail server didn't recognize the user you were using. Though no authentication is required to connect to your server, it might not accept to send mail from "dummy" / "unknown" users.

Do you observe the same behavior with an existing user on this server?

Best regards,

Charles.w

Hey,

Did you restart your node (or more important, all the nodes in your cluster), after you did those changes to the YAML configuration file?

Can you paste the output of the following calls?

GET _cat/nodes

GET _nodes?filter_path=**.xpack.notification

Thanks!

--Alex

I've only made the changes to one of the Elasticsearch nodes (WINES5-INFR) - that's the same node that I'm working in Kibana on and doing the Watch configuration on. Do I need to restart all 3 nodes' ES instances?

GET _cat/nodes

10.1.55.32 54 78 13    mdi - WINES6-INFR
10.1.55.33 49 71 98    mdi * VM-WINES7-INFR
10.1.55.31  9 61 14    mdi - WINES5-INFR

GET _nodes?filter_path=**.xpack.notification

{
  "nodes": {
    "81rn8YPrSlOyNUzPEqsycg": {
      "settings": {
        "xpack": {
          "notification": {
            "email": {
              "account": {
                "smtp_account": {
                  "profile": "standard",
                  "smtp": {
                    "host": "smtp.xxxx.com",
                    "user": "noc@xxxx.com",
                    "from": "ccampbell@xxxx.com"
                  }
                }
              },
              "default_account": "smtp_account"
            }
          }
        }
      }
    }
  }
}

That actually is a user on the server - or at least it's a dummy user used by other services in our environment - a valid user name has never been a problem in previous SMTP configuration on our Exchange setup.

Ok, I was asking that because in the past I had issues with picky servers on this topic :wink:


Hey,

Yes, that configuration has to be applied on all nodes. Watcher runs on the master node, so this is where the configuration has to exist.

You could have used the cluster update settings API to configure those settings dynamically, but then you have to make sure those settings are persistent, and they require some more time to look them up instead of just peeking into the configuration file.

Hope this helps!

--Alex
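The check that the two diagnostic requests in this thread lead to, as an added example that is not part of the original posts: it combines the `_nodes` settings with the `_cat/nodes` output and reports which nodes lack the email account and whether the elected master is one of them. The sample data is constructed from values in the thread, the node ids are placeholders, and the wider `filter_path` (with `nodes.*.name` added so unconfigured nodes still appear) is an assumption.

```python
import json

# Constructed sample modelled on the thread. Assumes the request was
#   GET _nodes?filter_path=nodes.*.name,nodes.*.settings.xpack.notification
# so nodes without the setting still appear by name. Node ids are placeholders.
NODES = json.loads("""{"nodes": {
  "id-a": {"name": "WINES5-INFR", "settings": {"xpack": {"notification": {"email": {
    "default_account": "smtp_account",
    "account": {"smtp_account": {"smtp": {"host": "smtp.xxxx.com"}}}}}}}},
  "id-b": {"name": "WINES6-INFR"},
  "id-c": {"name": "VM-WINES7-INFR"}}}""")
CAT_NODES = """\
10.1.55.32 54 78 13    mdi - WINES6-INFR
10.1.55.33 49 71 98    mdi * VM-WINES7-INFR
10.1.55.31  9 61 14    mdi - WINES5-INFR
"""

def elected_master(cat_nodes_text):
    """Name of the node whose master column is '*' in _cat/nodes output."""
    for line in cat_nodes_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[-2] == "*":
            return fields[-1]
    return None

def email_problems(nodes_response):
    """Map node name -> problem text, or None when default_account resolves."""
    result = {}
    for node_id, node in nodes_response.get("nodes", {}).items():
        email = (node.get("settings", {}).get("xpack", {})
                 .get("notification", {}).get("email", {}))
        accounts, default = email.get("account", {}), email.get("default_account")
        if not accounts:
            problem = "no email account configured"
        elif default is not None and default not in accounts:
            problem = "default_account %r is not defined" % default
        else:
            problem = None
        result[node.get("name", node_id)] = problem
    return result

def report(nodes_response, cat_nodes_text):
    """Summarise which nodes lack the account and whether the master has it."""
    master, problems = elected_master(cat_nodes_text), email_problems(nodes_response)
    return {"master": master,
            "missing": sorted(n for n, p in problems.items() if p),
            "master_ok": master in problems and problems[master] is None}

if __name__ == "__main__":
    print(report(NODES, CAT_NODES))
```

With the sample above, the elected master is one of the two nodes without the account, which matches the `no account found for name` failure reported in the watch output.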
