Trying to configure the Watcher within the ELK

Version: 8.6.2

Trying to configure the o365 password within keystore using the below command as defined in the doc:

bin/elasticsearch-keystore add

Getting the alert elasticsearch-keystore command not found
Any help woudl be appreciated

Are you on linux? Windows? Do you realize the command needs to be run from the directory just above the bin directory?

For example:

bash-3.2$ pwd
bash-3.2$ bin/elasticsearch-keystore --help
A tool for managing settings stored in the elasticsearch keystore

create - Creates a new elasticsearch keystore
list - List entries in the keystore
show - Show a value from the keystore
add - Add string settings to the keystore
add-file - Add a file setting to the keystore
remove - Remove settings from the keystore
upgrade - Upgrade the keystore format
passwd - Changes the password of a keystore
has-passwd - Succeeds if the keystore exists and is password-protected, fails with exit code 1 otherwise.

Non-option arguments:

Option             Description
------             -----------
-E <KeyValuePair>  Configure a setting
-h, --help         Show help
-s, --silent       Show minimal output
-v, --verbose      Show verbose output

Thanks for the response @richcollier
Mine is a ECE setup and somehow I am not able to get the elasticsearch-keystore command to work
I could observe 3 different locations where the keystore is created

[root@S1GZELKLCOR01 bin]# cd /var/lib/docker/overlay2/bf9a571809ac1e8f1d97b5d59ca76e468ff57d9d1368ef713f44367457a79792/diff/usr/share/elasticsearch/bin/

running the elasticsearch-keystore command from the /bin returns
bash: elasticsearch-keystore: command not found...

I recently just upgraded to the v8.6.2 version from the GUI interface

On further research I was able to notice that we could configure the keystore from the GUI
ECE-> Deployments-> Security-> Elastic key Store

here just want to check if I am providing the correct key value for the O365
The secret I guess would be the account password

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.