When I try to send sample email or slack message, it fails.
I want to trace the reason in the log file, but /var/log/elasticsearch is not accessible and /var/log/elasticsearch/elasticsearch.log is not showing the latest events or info; probably there are multiple log files.
How and where can I access the email / slack related error details?
Also, is there anything I am missing in the Watcher action configs?
Couple of questions: Watcher is a Gold+ license feature. What level of license do you have?
Also have you considered using the new Kibana alerting framework instead of watcher?
Finally, you can test Watcher via the dev console, or get the last execution using the Watcher API. If I recall, the failed execution / action should be in there.
You can also test it via the Watcher screen in Kibana.
I have a 30 days trial activated and I am trying to send sample email/slack message from the Watcher screen in Kibana.
I have been using Watcher on ES cloud stack and want to replicate the same on our self-managed stack on EC2.
My question was where can I find the Watcher logs or error details why an email or slack message is failing, or if I am missing some configs?
"error": {
...
"caused_by": {
"type": "s_m_t_p_send_failed_exception",
"reason": "554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: elasticsearch@ip-x-x-x-x.ec2.internal\n"
}
If you see the email settings in my first post, I think I am missing the 'from' email address which I have verified with AWS SES. Where do I specify that, please?
It does not go in the account setup... per the link I sent above (Here again), from and reply_to go into the actual Email Action in the Watcher, not in the account setup section in the elasticsearch.yml.
404 is not found. Are you sure you don't have a typo in the Slack key / value in the keystore? (It will never show in an error message.) Or perhaps network connectivity... you could try to curl the Slack webhook URL from the Elasticsearch server:
curl -X POST -H 'Content-type: application/json' --data '{"text":"Allow me to reintroduce myself!"}' YOUR_WEBHOOK_URL
Also you need to put that in the keystore on EACH elasticsearch node, unlike cloud where we do the propagation for you.
Here is my setup. I like verbose yaml to avoid mistakes.
xpack.notification.slack.account.monitoring.message_defaults.from: x-pack
xpack.notification.slack.account.monitoring.message_defaults.to: notifications
xpack.notification.slack.account.monitoring.message_defaults.icon: http://example.com/images/watcher-icon.jpg
xpack.notification.slack.account.monitoring.message_defaults.attachment.fallback: "X-Pack Notification"
xpack.notification.slack.account.monitoring.message_defaults.attachment.color: "#36a64f"
xpack.notification.slack.account.monitoring.message_defaults.attachment.title: "X-Pack Notification"
xpack.notification.slack.account.monitoring.message_defaults.attachment.title_link: "https://www.elastic.co/guide/en/x-pack/current/index.html"
xpack.notification.slack.account.monitoring.message_defaults.attachment.text: "One of your watches generated this notification."
xpack.notification.slack.account.monitoring.message_defaults.attachment.mrkdwn_in: "pretext, text"
Is there any way to trace what webhook URL it is trying to send to, or what URL is set in the keystore?
Although the keystore list is showing a key with the name 'xpack.notification.slack.account.watcher.secure_url', I am not sure about the value.
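
Added example (not from any poster in this thread, and not Elastic's code): a small Python helper that takes the JSON you get back when you execute a watch from the Dev Console and pulls out each failed action with its innermost `caused_by`, which is where the SES rejection above was hiding. The sample record is constructed; only the inner `caused_by` object is taken from the thread, and the surrounding field layout and the flat `reason` on the second failure are assumptions.

```python
import json

# Constructed sample shaped like a watch execution record. Only the inner
# caused_by object comes from the thread; everything else is assumed.
SAMPLE = json.loads(r'''
{"watch_record": {"watch_id": "sample_watch", "result": {"actions": [
  {"id": "email_admin", "type": "email", "status": "failure",
   "error": {"type": "messaging_exception", "reason": "failed to send email",
     "caused_by": {"type": "s_m_t_p_send_failed_exception",
       "reason": "554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: elasticsearch@ip-x-x-x-x.ec2.internal\n"}}},
  {"id": "log_it", "type": "logging", "status": "success"},
  {"id": "notify_chat", "type": "webhook", "status": "failure",
   "reason": "constructed: HTTP 404 from webhook"}
]}}}
''')

def cause_chain(error, max_depth=20):
    """Flatten nested caused_by objects into [(type, reason)], outermost first."""
    chain = []
    while isinstance(error, dict) and len(chain) < max_depth:
        chain.append((error.get("type", "unknown"),
                      str(error.get("reason", "")).strip()))
        error = error.get("caused_by")
    return chain

def failed_actions(record):
    """Return one entry per failed action, with its full chain and root cause."""
    record = record.get("watch_record", record)  # accept wrapped or bare record
    failures = []
    for action in record.get("result", {}).get("actions", []):
        if action.get("status") != "failure":
            continue
        if isinstance(action.get("error"), dict):
            chain = cause_chain(action["error"])
        else:  # some failures carry only a flat reason string
            chain = [("failure", str(action.get("reason", "no reason recorded")))]
        failures.append({"id": action.get("id"), "type": action.get("type"),
                         "chain": chain, "root_cause": chain[-1]})
    return failures

if __name__ == "__main__":
    for f in failed_actions(SAMPLE):
        print(f"{f['id']} ({f['type']}): {f['root_cause'][0]}: {f['root_cause'][1]}")
```
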