Unable to send email via Exchange notification

Elastic Stack Elasticsearch
1

that is my watcher configuration:

"trigger" : {
"schedule" : { "interval" : "24h" }
},
"input" : {
"search" : {
"request" : {
"indices" : [ "index_v2" ],
"body" : {
"size" : 0,
"query" : { "match" : { "sev": "w" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
"transform" : {
"search" : {
"request" : {
"indices" : "index_v2",
"body" : {
"query" : {
"match" : { "sev": "w" }
}
}
}
}
},
"actions" : {
"email_administrator" : {
"email" : {
"to" : "extern.brouk_badr@company.de",
"subject" : "Encountered {{ctx.payload.hits.total}} errors",
"body" : "Too many error in the system, see attached data",
"attachments" : {
"attached_data" : {
"data" : {
"format" : "json"
}
}
},
"priority" : "high"
}
}
}
}

and this is my elasticsearch.yml configuration:
its work when i use the gmail configuration but if i use the exchange configuration don't work

Gmail Conf:

#xpack.notification.email.account:

#gmail_account:

#profile: gmail

#smtp:

#auth: true

# starttls.enable: true

# host: smtp.gmail.com

# port: 587

# user: xxxxxxxx@gmail.com

# password: xxxxxxxxxxxx

Exchange Conf:

xpack.notification.email.account:
exchange_account:
profile: outlook
email_defaults:
from: badr.brouk@company.com
smtp:
auth: true
starttls.enable: true
host: exchange.company.com <-- am not shur, where i fund host for my company exchange or what else
port: 587
user: badr.brouk@company.com
password: xxxxxxxx

Any idea what could be missing?

2

I moved this over to the x-pack category.

This is not really a watcher specific question, but rather a setup question.

First, ask your administrator that you have the correct SMTP servers,ports, users and passwords configured. After you have done that, try running a watch and either check the output of the execute watch API or check the watch history.

Then please share the output of that, so that we can take a look at the error message.

3

Thanks @spinscale for your answer:
i get the SMTP Server Data from my administrator and configured again the elasticsearch.yml, after that checked the output using execute watch API. Its take a long time to execute and at the end become this message :
{
"statusCode": 504,
"error": "Gateway Time-out",
"message": "Client request timeout"
}

any idea what is the problem?

4

please call the execute watch API from the command line using a HTTP client like curl and paste the output. The above error message stems from kibana it seems.

5 
   {
      "id": "email_administrator",
      "type": "email",
      "status": "failure",
      "error": {
        "root_cause": [
          {
            "type": "messaging_exception",
            "reason": "failed to send email with subject [Encountered 93 errors] via account [exchange_account]"
          }
        ],
        "type": "messaging_exception",
        "reason": "failed to send email with subject [Encountered 93 errors] via account [exchange_account]",
        "caused_by": {
          "type": "authentication_failed_exception",
          "reason": "535 5.7.3 Authentication unsuccessful [HE1PR06CA0133.eurprd06.prod.outlook.com]\n"
        }
      }
    }
  ]
},
6

This indicates an authentication issue against the mailserver, meaning that the provided credentials are rejected.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.