Watcher Email configuration Issue

I am getting an error like...

{"error":{"root_cause":[{"type":"i_o_exception","reason":"could not parse watch [log_error_watch]"}],"type":"i_o_exception","reason":"could not parse watch [log_error_watch]","caused_by":{"type":"json_parse_exception","reason":"Unexpected character ('"' (code 34)): was expecting comma to separate OBJECT entries\n at [Source: org.elasticsearch.transport.netty.ChannelBufferStreamInput@7f49033c; line: 12, column: 2]"}},"status":500}

Hey,

Note that one of you talks about a search input and the other shows examples of an http input, which have different options...

--Alex

Hi Ganeshprabhu/Alex,

I am trying to create a watch with a search input using the following code...

curl -XPUT 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{
  "trigger" : { "schedule" : { "interval" : "20s" } },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : {
          "query" : {
            "match" : { "message": "error" }
          }
        }
      }
    },
    "auth": {
      "basic": {
        "username": "vijaykumar@xyz.com",
        "password": "xyz123"
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
  },
  "actions" : {
    "send_email" : {
      "email" : {
        "to" : "xyz@abc.com",
        "subject" : "Watcher Notification",
        "body" : "{{ctx.payload.hits.total}} watches took more than 2.5 seconds to execute.",
        "attachments" : {
          "data_attachments" : {
            "data" : {
              "format" : "json"
            }
          }
        }
      }
    }
  }
}'

But I am getting an error like...
{"error":{"root_cause":[{"type":"parse_exception","reason":"could not parse input for watch [log_error_watch]. unknown input type [auth]"}],"type":"parse_exception","reason":"could not parse input for watch [log_error_watch]. unknown input type [auth]"},"status":400}

Please suggest valid inputs...

Please take your time to read the exceptions. It explains that auth is not an input type, because you mis-structured your JSON. Please use a UI like Sense or a JSON formatter to be aware of the structure.

Also please post the output of the execute watch API, once you successfully added the watch and executed it to take a further look.
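
The two parse errors quoted so far in this thread can be caught before the watch is PUT. The following is an added example, not code from the thread or from Elastic: a small pre-flight check that reports malformed JSON with its line and column, any key under "input" that is not a Watcher input type, and any inline password. The sample watches, the user name and the password value are constructed, and `lint_watch` and `find_passwords` are hypothetical names.

```python
import json

# Input types Watcher accepts under "input"; a watch uses exactly one.
INPUT_TYPES = {"simple", "search", "http", "chain"}

# Constructed sample: the posted watch cut down, "auth" still beside "search".
MISPLACED_AUTH = """{
  "trigger": {"schedule": {"interval": "20s"}},
  "input": {
    "search": {"request": {"indices": ["logs"]}},
    "auth": {"basic": {"username": "user@example.com", "password": "placeholder"}}
  }
}"""

# Constructed sample: comma missing after the "trigger" entry.
MISSING_COMMA = '{\n "trigger": {"schedule": {"interval": "20s"}}\n "input": {}\n}'

def find_passwords(node, path=""):
    """Yield the dotted path of every "password" key, for review."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "password":
                yield here
            yield from find_passwords(value, here)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_passwords(value, f"{path}[{i}]")

def lint_watch(text):
    """Return a list of findings for a watch body given as a JSON string."""
    try:
        watch = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"invalid JSON at line {err.lineno}, column {err.colno}: {err.msg}"]
    if not isinstance(watch, dict) or not isinstance(watch.get("input", {}), dict):
        return ["watch and its input must be JSON objects"]
    keys = set(watch.get("input", {}))
    findings = [f"unknown input type [{k}]" for k in sorted(keys - INPUT_TYPES)]
    if len(keys & INPUT_TYPES) > 1:
        findings.append("more than one input type given")
    findings += [f"inline credential at {p}" for p in find_passwords(watch)]
    return findings

if __name__ == "__main__":
    for sample in (MISPLACED_AUTH, MISSING_COMMA):
        print(lint_watch(sample))
```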

Greetings!
I'm new to ELK and I need some help.
I'm having the same issue (cannot find default email account), and I don't seem to understand where's my syntax error here?

Elasticsearch log error:
[2016-08-03 17:06:55,980][ERROR][xpack.watcher.actions.email] [Shadowcat] failed to execute action [log_error_watch/send_email]
java.lang.IllegalStateException: cannot find default email account as no accounts have been configured
at org.elasticsearch.xpack.notification.email.Accounts.account(Accounts.java:72)
at org.elasticsearch.xpack.notification.email.InternalEmailService.send(InternalEmailService.java:73)
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:85)
at org.elasticsearch.xpack.watcher.actions.ActionWrapper.execute(ActionWrapper.java:109)
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:397)
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:280)
at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:450)
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:392)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2016-08-03 17:06:57,154][ERROR][xpack.watcher.actions.email] [Shadowcat] failed to execute action [log_error_watch/send_email]
java.lang.IllegalStateException: cannot find default email account as no accounts have been configured
at org.elasticsearch.xpack.notification.email.Accounts.account(Accounts.java:72)

Sense error:
"actions": [
  {
    "id": "send_email",
    "type": "email",
    "status": "failure",
    "reason": "IllegalStateException[cannot find default email account as no accounts have been configured]"
  }
]

=================================
Configuration:
elasticsearch 5.0 alpha 4 + xpack 5.0 alpha + winlogbeat 5.0 alpha 4

YML:
xpack.notification.email.service.account:
exchange_account:
profile: outlook
email_defaults:
from: 'alerts mail@mail.com'
smtp:
auth: true
host: 192.168.1.1
password: mail_pass
port: 587
starttls.enable: true
user: mail@mail.com

Test watcher:
{
  "trigger" : { "schedule" : { "interval" : "30s" }},
  "input" : {
    "search" : {
      "request" : {
        "indices" : "winlogbeat*",
        "body" : {
          "query" : {
            "match" : { "message": "error" }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
  },
  "actions" : {
    "send_email" : {
      "email" : {
        "to" : "adm@mail.com",
        "subject" : "log error watch",
        "body" : "Found {{ctx.payload.hits.total}} errors in the logs"
      }
    }
  }
}

Much thanks!
dmitry

Hey,

try xpack.notification.email: instead of xpack.notification.email.service.account: - see https://www.elastic.co/guide/en/x-pack/v5.0.0-alpha4-docs/actions-email.html#configuring-email

--Alex

Hi Alex!
Thanks for your response!!
xpack.notification.email: not working.
I'm getting the same error:
cannot find default email account as no accounts have been configured

Can you please show your exact configuration including indentation? (Just put the config file in three backticks for code formatting, see the markdown specs)... this might help to spot issues

--Alex

YML file:

# ---------------------------------- X-Pack -----------------------------------
#
# Disable shield
xpack.security.enabled: false
#
# mail settings
xpack.notification.email:
    exchange_account:
        profile: outlook
        email_defaults:
            from: 'alerts <mail@mail.com>'
        smtp:
            auth: true
            host: 192.168.1.1
            password: mail_pass
            port: 587
            starttls.enable: true
            user: mail@mail.com

Hey,

can you try xpack.notification.email.account: instead of xpack.notification.email:

--Alex

Alex!!! IT'S WORKING!!!
Thanks very much!
YML:

# ---------------------------------- X-Pack -----------------------------------
#
# Disable shield
xpack.security.enabled: false
#
# mail settings
xpack.notification.email.account:
    exchange_account:
        profile: outlook
        email_defaults:
            from: 'alerts <mail@mail.com>'
        smtp:
            auth: false
            host: 192.168.1.1
            # password: mail_pass
            port: 25
            # starttls.enable: true
            # user: mail@mail.com
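
A check over the email settings posted in this thread, as an added example that is not code from the thread or from Elastic. It reports when no account sits under the key that worked here, and when an account has SMTP authentication or STARTTLS switched off, as in the working config above. Assumptions: the settings use the flat dotted top-level key shown in the thread, the parser handles only that indentation-nested `key: value` layout, the sample configs and the 192.0.2.10 address are constructed, and `parse_mapping` and `lint_email_settings` are hypothetical names.

```python
ACCOUNT_KEY = "xpack.notification.email.account"  # the key that worked in this thread

# Constructed samples modelled on the two configs posted above.
WRONG_KEY = """\
xpack.notification.email:
    exchange_account:
        smtp:
            auth: true
            host: 192.0.2.10
            starttls.enable: true
"""
NO_AUTH = """\
xpack.notification.email.account:
    exchange_account:
        smtp:
            auth: false
            host: 192.0.2.10
            port: 25
            # starttls.enable: true
"""

def parse_mapping(text):
    """Parse indentation-nested 'key: value' lines (not a full YAML parser)."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) of open levels
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:         # close deeper or sibling levels
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def lint_email_settings(text):
    """Return findings for the email account settings in an elasticsearch.yml."""
    accounts = parse_mapping(text).get(ACCOUNT_KEY, {})
    if not isinstance(accounts, dict) or not accounts:
        return [f"no accounts under {ACCOUNT_KEY}"]
    findings = []
    for name, account in accounts.items():
        smtp = account.get("smtp", {}) if isinstance(account, dict) else {}
        if smtp.get("auth") != "true":
            findings.append(f"{name}: SMTP authentication is off")
        if smtp.get("starttls.enable") != "true":
            findings.append(f"{name}: STARTTLS is not enabled")
    return findings
```

With authentication and STARTTLS both off, the alert mail is relayed to the SMTP host unauthenticated and in clear text, so this finding is worth reviewing even though the watch now sends.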

very nice!

I will update the documentation to be more exact, so others don't run into this. Thanks for getting back!

--Alex