Simple Watcher Webhook

Hi Team

I am using Elastic Hosted and trying to create a simple Watcher Webhook alert and I cannot find an example anywhere of using the kibana interface of a simple Webhook using the UI. Can anyone point me in the direction of this? The documentation refers to more complex Json. I assume I am missing something obvious but there are no examples or samples of using the kibana Watcher webhook UI.

I want to see if I can train some of the team to be able to customise easily but there are not examples and no matter what I try I get the following error.

[instance-0000000002] failed to execute action [inlined/webhook_1] java.net.UnknownHostException: https: Name or service not known at java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method) ~[?:?] at java.net.InetAddress$PlatformNameService.lookupAllHostAddr(InetAddress.java:929) ~[?:?] at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1515) ~[?:?] at java.net.InetAddress$NameServiceAddresses.get(InetAddress.java:848) ~[?:?] at java.net.InetAddress.getAllByName0(InetAddress.java:1505) ~[?:?] at java.net.InetAddress.getAllByName(InetAddress.java:1364) ~[?:?] at java.net.InetAddress.getAllByName(InetAddress.java:1298) ~[?:?] at org.apache.http.impl.conn.SystemDefaultDnsResolver.resolve(SystemDefaultDnsResolver.java:45) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:112) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.8.jar:4.5.8] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) ~[httpclient-4.5.8.jar:4.5.8] at org.elasticsearch.xpack.watcher.common.http.HttpClient.lambda$execute$1(HttpClient.java:242) ~[?:?] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at org.elasticsearch.xpack.core.common.socket.SocketAccess.doPrivileged(SocketAccess.java:32) ~[x-pack-core-7.3.1.jar:7.3.1] at org.elasticsearch.xpack.watcher.common.http.HttpClient.execute(HttpClient.java:242) ~[?:?] at org.elasticsearch.xpack.watcher.actions.webhook.ExecutableWebhookAction.execute(ExecutableWebhookAction.java:42) ~[?:?] at org.elasticsearch.xpack.core.watcher.actions.ActionWrapper.execute(ActionWrapper.java:163) [x-pack-core-7.3.1.jar:7.3.1] at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:516) [x-pack-watcher-7.3.1.jar:7.3.1] at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:309) [x-pack-watcher-7.3.1.jar:7.3.1] at org.elasticsearch.xpack.watcher.transport.actions.execute.TransportExecuteWatchAction$1.doRun(TransportExecuteWatchAction.java:159) [x-pack-watcher-7.3.1.jar:7.3.1] at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.3.1.jar:7.3.1] at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:605) [x-pack-watcher-7.3.1.jar:7.3.1] at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:688) [elasticsearch-7.3.1.jar:7.3.1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?] at java.lang.Thread.run(Thread.java:834) [?:?]

Hi Adam, there are a couple possible causes of this error.

  1. DNS lookup could have failed. Can you try using the IP address directly instead of the domain-name-based URL?
  2. The error also looks like the watch webhook you're trying to execute has https specified as the host. Would you mind sharing your webhook configuration, with private details obfuscated? Thanks.

CJ

Hi there

Here is my configuration it's a simple zendesk post request. Using basic auth I can make this request with curl so I am assuming I am missing something? Do I need to add anything in xpack?

Hi Hopefully not bugging you but I put the zendesk details in the following reply.

Hey Adam, sorry for the late reply. This is a flaw in our current UI, tracked here: https://github.com/elastic/kibana/issues/44004. The problem is that the "Host" field exposed by the UI does not accept a URI; it only accepts a host. So in this case, it would only accept "xxx.zendesk.com", and it would default to using "http" as the scheme. We need to update the UI with a "Scheme" field so that you can also choose "https".