Hello!
i'm trying to configure elasticsearch for send to slack channel:
my url is like:
as you can see i send the authentication parameter as a GET variable.
configurng watch on advance mode i use this:
"actions": {
"send_trigger": {
"webhook": {
"method": "POST",
"scheme": "https",
"port": 443,
"host": "someslackurl.slack.com",
"path": "/slack_webhook/services/XXXXXXXX/XXXXXXXX/Xxxxxxxx?authentication=8dOnF9XxXYyzZ",
"body": "{ \"text\": \"testing slack integration, was send by {{ctx.payload.hits.total}} errors in past 5 minutes \", \"channel\": \"test-elk\" }",
"headers": {
"Content-type": "application/json"
}
}
}
}
and it works perfectly, but i want configure slack on elasticsearch.yml for use the kibana GUI, u know configure a threshold alert, so i add next lines into elasticsearch.yml:
xpack.watcher.enabled: true
xpack.notification.slack.account.testelk.url: https://someslackurl.slack.com/slack_webhook/services/XXXXXXXX/XXXXXXXX/Xxxxxxxx?authentication=8dOnF9XxXYyzZ
xpack.notification.slack.account.testelk.url.message_defaults.from: "Watcher"
xpack.notification.slack.account.testelk.url.message_defaults.message_defaults.to: "test-elk"
but looks like the authentication parameter is not sending to my slack host, i received 403 error message everytime sends a alerting.
"actions": [
{
"id": "slack_1",
"type": "slack",
"status": "failure",
"slack": {
"account": "testelk",
"sent_messages": [
{
"status": "failure",
"request": {
"host": "someslackurl.slack.com",
"port": -1,
"scheme": "https",
"method": "post",
"headers": {
"Content-Type": "application/json; charset=UTF-8"
},
"body": "{\"channel\":\"test-elk\",\"username\":\"8a1b4e66-54aa-4369-a60d-a9424897e148\",\"text\":\"Testing with a threshold watch\"}"
},
"response": {
"status": 403,
"headers": {
"date": [
"Sat, 06 Apr 2019 16:56:22 GMT"
],
"server": [
"Apache-Coyote/1.1"
],
"content-length": [
"170"
],
"connection": [
"close"
],
"content-type": [
"application/json;charset=UTF-8"
]
},
"body": "{\n \"errorcode\": 403,\n \"errorstring\": \"Forbidden 403\",\n \"erroractor\": \" https://someslackurl.slack.com/slack_webhook/services/XXXXXXXX/XXXXXXXX/Xxxxxxxx\"\n}\n"
},
"to": "test-elk",
"message": {
"from": "8a1b4e66-54aa-4369-a60d-a9424897e148",
"text": "Testing with a threshold watch"
}
}
]
}
}
]
as you can see on url looks like is sending only the url without GET parameters....
i tried to add this authentication parameter on the configuration, but looks like is not possible =/
but, looking into the messages from advance watch i have more parameters on the webhook that permit me send the authentication parameter:
"actions": [
{
"id": "send_trigger",
"type": "webhook",
"status": "success",
"webhook": {
"request": {
"host": "someslackurl.slack.com",
"port": 443,
"scheme": "https",
"method": "post",
"path": "/slack_webhook/services/XXXXXXXX/XXXXXXXX/Xxxxxxxx?authentication=8dOnF9XxXYyzZ",
"headers": {
"Content-type": "application/json"
},
"body": "{ \"text\": \"testing slack integration, was send by 2808 errors in past 5 minutes, avanzado \", \"channel\": \"test-elk\" }"
},
"response": {
"status": 200,
"headers": {
"date": [
"Sat, 06 Apr 2019 16:17:59 GMT"
],
"server": [
"Apache-Coyote/1.1"
],
"vary": [
"Accept-Encoding"
],
"x-frame-options": [
"SAMEORIGIN"
],
"x-via": [
"haproxy-www-aaaa"
],
"strict-transport-security": [
"max-age=31536000; includeSubDomains; preload"
],
"via": [
"1.1 45somenumeryouknowforsecurity.cloudfront.net (CloudFront)"
],
"access-control-allow-origin": [
"*"
],
"referrer-policy": [
"no-referrer"
],
"content-type": [
"text/html"
],
"x-cache": [
"Miss from cloudfront"
],
"x-amz-cf-id": [
"Oq3c8XXXXXXXXXXXXXXXXXXxxxxxxxxxxxxxxxxxxxyyyyyyyyyyyyyyyYYYY=="
]
},
"body": "ok"
}
}
}
]
as you can see on advance mode exist the parameter PATH.....
anyone could add some GET parameters into URL or exist any slack propertie where i can configure this?