I am getting error like...
{"error":{"root_cause":[{"type":"i_o_exception","reason":"could not parse watch
[log_error_watch]"}],"type":"i_o_exception","reason":"could not parse watch [log
_error_watch]","caused_by":{"type":"json_parse_exception","reason":"Unexpected c
haracter ('"' (code 34)): was expecting comma to separate OBJECT entries\n at [
Source: org.elasticsearch.transport.netty.ChannelBufferStreamInput@7f49033c; lin
e: 12, column: 2]"}},"status":500}
Hey,
note that one of you talks about a search input and the other shows examples of a http input, which have different options...
--Alex
Hi Ganeshprabhu/Alex,
I am trying to create watch with search input using following code....
curl -XPUT 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{
"trigger" : { "schedule" : { "interval" : "20s" } },
"input" : {
"search" : {
"request" : {
"indices" : [ "logs" ],
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
},
"auth": {
"basic": {
"username": "vijaykumar@xyz.com",
"password": "xyz123"
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
"actions" : {
"send_email" : {
"email" : {
"to" : "xyz@abc.com",
"subject" : "Watcher Notification",
"body" : "{{ctx.payload.hits.total}} watches took more than 2.5 seconds to execute.",
"attachments" : {
"data_attachments" : {
"data" : {
"format" : "json"
}
}
}
}
}
}
}'
But i am getting error like...
{"error":{"root_cause":[{"type":"parse_exception","reason":"could not parse inpu
t for watch [log_error_watch]. unknown input type [auth]"}],"type":"parse_except
ion","reason":"could not parse input for watch [log_error_watch]. unknown input
type [auth]"},"status":400}
please suggest me with valid inputs....
please take your time to read the exceptions. It explains that auth is not an input type, because you mis-structured your JSON. Please use a UI like sense or a JSON formatter to be aware of the structure.
Also please post the output of the execute watch API, once you successfully added the watch and executed it to take a further look.
Greetings!
I'm new to ELK and i need some help.
I'm having the same issue (cannot find default email account), and i don't seem to understand where's my syntax error here?
Elasticsearch log error:
[2016-08-03 17:06:55,980][ERROR][xpack.watcher.actions.email] [Shadowcat] failed to execute action [log_error_watch/send_email]
java.lang.IllegalStateException: cannot find default email account as no accounts have been configured
at org.elasticsearch.xpack.notification.email.Accounts.account(Accounts.java:72)
at org.elasticsearch.xpack.notification.email.InternalEmailService.send(InternalEmailService.java:73)
at org.elasticsearch.xpack.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:85)
at org.elasticsearch.xpack.watcher.actions.ActionWrapper.execute(ActionWrapper.java:109)
at org.elasticsearch.xpack.watcher.execution.ExecutionService.executeInner(ExecutionService.java:397)
at org.elasticsearch.xpack.watcher.execution.ExecutionService.execute(ExecutionService.java:280)
at org.elasticsearch.xpack.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:450)
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:392)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2016-08-03 17:06:57,154][ERROR][xpack.watcher.actions.email] [Shadowcat] failed to execute action [log_error_watch/send_email]
java.lang.IllegalStateException: cannot find default email account as no accounts have been configured
at org.elasticsearch.xpack.notification.email.Accounts.account(Accounts.java:72)
Sense error:
"actions": [
{
"id": "send_email",
"type": "email",
"status": "failure",
"reason": "IllegalStateException[cannot find default email account as no accounts have been configured]"
}
]
Test watcher:
{
"trigger" : { "schedule" : { "interval" : "30s" }},
"input" : {
"search" : {
"request" : {
"indices" : "winlogbeat*",
"body" : {
"query" : {
"match" : { "message": "error" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
},
"actions" : {
"send_email" : {
"email" : {
"to" : "adm@mail.com",
"subject" : "log error watch",
"body" : "Found {{ctx.payload.hits.total}} errors in the logs"
}
}
}
}
Much thanks!
dmitry
Hey,
try xpack.notification.email: instead of xpack.notification.email.service.account: - see https://www.elastic.co/guide/en/x-pack/v5.0.0-alpha4-docs/actions-email.html#configuring-email
--Alex
Hi Alex!
Thanks for your response!!
xpack.notification.email: not working.
I'm getting the same error:
cannot find default email account as no accounts have been configured
Can you please show your exact configuration including indentation? (Just put the config file in three backticks for code formatting, see the markdown specs)... this might help to spot issues
--Alex
YML file:
# ---------------------------------- X-Pack -----------------------------------
#
# Disable shield
xpack.security.enabled: false
#
# mail settings
xpack.notification.email:
exchange_account:
profile: outlook
email_defaults:
from: 'alerts <mail@mail.com>'
smtp:
auth: true
host: 192.168.1.1
password: mail_pass
port: 587
starttls.enable: true
user: mail@mail.com
Hey,
can you try xpack.notification.email.account: instead of xpack.notification.email:
--Alex
Alex!!! IT'S WORKING!!!
Thanks very much!
YML:
# ---------------------------------- X-Pack -----------------------------------
#
# Disable shield
xpack.security.enabled: false
#
# mail settings
xpack.notification.email.account:
exchange_account:
profile: outlook
email_defaults:
from: 'alerts <mail@mail.com>'
smtp:
auth: false
host: 192.168.1.1
# password: mail_pass
port: 25
# starttls.enable: true
# user: mail@mail.com
very nice!
I will update the documentation to be more exact, so other dont run into this. Thanks for getting back!
--Alex
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.