Watcher alert and email alert

Hi team,

I configured email alert in ConfigMap.yml (Elasticsearch.yml file) with below components
xpack.watcher.enabled: true
xpack.notification.email.account:
apple_account:
profile: apple
smtp:
auth: true
starttls.enable: true
host: bz.apple.com
port: 25
user: smende@apple.com

After that I deployed in Kubernetes by using Kubectl apply -f es-master
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
es-master-0 1/2 CrashLoopBackOff 3 99s

while checking logs
$ kubectl logs -f es-master-0 -c es-master

OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.

Exception in thread "main" 2019-10-11 05:32:57,681 main ERROR No Log4j 2 configuration file found. Using default configuration (logging only errors to the console), or user programmatically provided configurations. Set system property 'log4j2.debug' to show Log4j 2 internal initialization logging. See https://logging.apache.org/log4j/2.x/manual/configuration.html for instructions on how to configure Log4j 2

ElasticsearchParseException[null-valued setting found for key [xpack.notification.email.account] found at line number [16], column number [34]]

at org.elasticsearch.common.settings.Settings.validateValue(Settings.java:736)

at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:700)

at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:650)

at org.elasticsearch.common.settings.Settings.access$500(Settings.java:82)

at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1135)

at org.elasticsearch.common.settings.Settings$Builder.loadFromPath(Settings.java:1112)

at org.elasticsearch.node.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:100)

at org.elasticsearch.cli.EnvironmentAwareCommand.createEnv(EnvironmentAwareCommand.java:95)

at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)

at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)

at org.elasticsearch.cli.Command.main(Command.java:90)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)

I am facing the above error , Could you please help me out on this . how configure the email alert.

Thanks,
shivudu.M

can you share the exact yaml file in a gist, so that the indendation of the configuration YAML file is preserved?

also, can you share the elasticsearch version and the java version you are using?

Thanks!

Elasticsearch version: 6.7.0
java version "1.8.0_171"

Java(TM) SE Runtime Environment (build 1.8.0_171-b11)

Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)

Elasticsearch.yaml file

elasticsearch.yml: |
cluster.name: gbi-rno1-cluster
node.master: true
node.data: false
node.name: gbi-es-master
node.ingest: false
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["es-coordinating","es-master","es-data"]
discovery.zen.minimum_master_nodes: 1
thread_pool.search.queue_size: 10000
node.ml: false
xpack.security.enabled: false
xpack.ml.enabled: true
search.max_buckets: 10000
xpack.watcher.enabled: true
xpack.notification.email.account:
apple_account:
profile: apple
smtp:
auth: true
starttls.enable: true
host: bz.apple.com
port: 25
user: smende@apple.com

could you please suggest on this.

again, this snippet has lost its indentation, which is really important. this is why I asked for a gist. The information here is not too help and also does not help for local reproduction.

please check below code image ..(its commented)

give correct code formate and whether am I following right or not??

I wanted a real code snippet to copy and paste and try locally. I cannot try this with an image, so I am just unable to help, I'm sorry.

Also, this looks not like a real YAML file, but as if some templating mechanism constructs a YAML file out of that. Unless I get to see the final YAML file that is used with elasticsearch I will not be able to help further.

Hi ,

Now can you check this complete file.

Hi ,

Now can you check this complete file.

(Attachment elasticsearch.yml is missing)

please check your mail

apiVersion: v1
kind: ConfigMap
metadata:
name: es-master
labels:
zone: rno1
role: master
data:
elasticsearch.yml: |
cluster.name: gbi-rno1-cluster
node.master: true
node.data: false
node.name: gbi-es-master
node.ingest: false
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["es-coordinating","es-master","es-data"]
discovery.zen.minimum_master_nodes: 1
thread_pool.search.queue_size: 10000
node.ml: false
xpack.security.enabled: false
xpack.ml.enabled: true
search.max_buckets: 10000
xpack.watcher.enabled: true
#xpack.notification.email.account:
#apple_account:
#profile: apple
#smtp:
#auth: true
#starttls.enable: true
#host: bz.apple.com
#port: 25
#user: smende@apple.com
log4j2.properties: |
status = error
dest = err
name = PopertiesConfig
property.logDir = /usr/share/elasticsearch/data/elasticsearch
appender.console.type = Console
appender.console.name = STDOUT
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
appender.rolling.type = RollingFile
appender.rolling.name = RollingFile
appender.rolling.fileName = {logDir}/es-master.log appender.rolling.filePattern = {logDir}/es-master-%d{MM-dd-yy-HH-mm-ss}-%i.log.gz
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 2400
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 25MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basePath = ${logDir}
appender.rolling.strategy.action.maxDepth = 1
# Delete files older than 30 days.
appender.rolling.strategy.action.ageCondition.type = IfLastModified
appender.rolling.strategy.action.ageCondition.age = 30D
# With filenames matching the glob expression "*.log.gz".
appender.rolling.strategy.action.pathCondition.type = IfFileName
appender.rolling.strategy.action.pathCondition.glob = *.log.gz
appender.console.filter.threshold.type = ThresholdFilter
appender.console.filter.threshold.level = info
logger.console.name = STDOUT
logger.console.level = info
logger.console.appenderRef.console.ref = STDOUT
logger.rolling.name = RollingFile
logger.rolling.level = info
logger.rolling.appenderRef.rolling.ref = RollingFile
rootLogger.level = info
rootLogger.appenderRef.console.ref = STDOUT
rootLogger.appenderRef.rolling.ref = RollingFile

network.host: 0.0.0.0

http.port: 9200

discovery.zen.ping.unicast.hosts: ["es-coordinating","es-master","es-data"]

discovery.zen.minimum_master_nodes: 1

thread_pool.search.queue_size: 10000

node.ml: false

xpack.security.enabled: false

xpack.ml.enabled: true

search.max_buckets: 10000

xpack.watcher.enabled: true 

#xpack.notification.email.account:

#apple_account:

    #profile: apple

    #smtp:

        #auth: true

        #starttls.enable: true

        #host: bz.apple.com 

        #port: 25

        #user: smende@apple.com

log4j2.properties: |

status = error

dest = err

name = PopertiesConfig

property.logDir = /usr/share/elasticsearch/data/elasticsearch

appender.console.type = Console

appender.console.name = STDOUT

appender.console.layout.type = PatternLayout

appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

appender.rolling.type = RollingFile

appender.rolling.name = RollingFile

appender.rolling.fileName = ${logDir}/es-master.log

appender.rolling.filePattern = ${logDir}/es-master-%d{MM-dd-yy-HH-mm-ss}-%i.log.gz

appender.rolling.layout.type = PatternLayout

appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

appender.rolling.policies.type = Policies

appender.rolling.policies.time.type = TimeBasedTriggeringPolicy

appender.rolling.policies.time.interval = 2400

appender.rolling.policies.time.modulate = true

appender.rolling.policies.size.type = SizeBasedTriggeringPolicy

appender.rolling.policies.size.size = 25MB

appender.rolling.strategy.type = DefaultRolloverStrategy

appender.rolling.strategy.action.type = Delete

appender.rolling.strategy.action.basePath = ${logDir}

appender.rolling.strategy.action.maxDepth = 1

# Delete files older than 30 days.

appender.rolling.strategy.action.ageCondition.type = IfLastModified

appender.rolling.strategy.action.ageCondition.age = 30D

# With filenames matching the glob expression "*.log.gz".

appender.rolling.strategy.action.pathCondition.type = IfFileName

appender.rolling.strategy.action.pathCondition.glob = *.log.gz

appender.console.filter.threshold.type = ThresholdFilter

appender.console.filter.threshold.level = info

logger.console.name = STDOUT

logger.console.level = info

logger.console.appenderRef.console.ref = STDOUT

logger.rolling.name = RollingFile

logger.rolling.level = info

logger.rolling.appenderRef.rolling.ref = RollingFile

rootLogger.level = info

rootLogger.appenderRef.console.ref = STDOUT

rootLogger.appenderRef.rolling.ref = RollingFile

above one is correct code , So could you please look into it and help me out

Hi Team ,

how can I configured the email alert in elk.