Watcher error when force executing

Hi - I noticed this error when attempting to force execute a watcher that triggers out the alert to our monitoring tool - Nagios.

could not parse [webhook] action [inlined/notify-nagios]. failed parsing http request template

It was working until recently. We upgraded Elastic from v7.13 to v7/16 recently. Could it be anything to do with enhancements to watchers? We also enabled TLS communication for all HTTP communication with Elastic recently. Couldn't find anything related to it in the release notes from elastic.

Here is the watcher definition:

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "heartbeat-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "term": {
                    "monitor.status": {
                      "value": "down"
                    }
                  }
                }
              ],
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "from": "now-4m"
                    }
                  }
                }
              ]
            }
          },
          "aggregations": {
            "by_monitors": {
              "terms": {
                "field": "monitor.name",
                "size": 10,
                "min_doc_count": 1
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 4
      }
    }
  },
  "actions": {
    "notify-nagios": {
      "webhook": {
        "scheme": "https",
        "host": "monitoringhost",
        "port": 443,
        "method": "post",
        "path": "/nrdp/",
        "params": {
          "cmd": "submitcheck",
          "token": "NBT3L0kpNTvpQK9443CulVoct"
        },
        "headers": {
          "Accept": "application/json",
          "Content-Type": "application/x-www-form-urlencoded"
        },
        "auth": {
          "basic": {
            "username": "bofawebapps",
            "password": "::es_redacted::"
          }
        },
        "body": """json={"checkresults": [{"checkresult": {"type": "service"},"hostname": "test-platform","servicename": "test Service Health Check Alert","state": "2","output": "Critical -> test.0 Health Check Alert: {{ctx.payload.hits.total}} Health endpoint(s) is/are not responding in the last minute. Please check Kibana uptime dashboard for the failed health endpoints at https%3A%2F%2Fkibana.bofadm.com%2Fapp%2Fuptime%23%2Fapp%2Fuptime%2F%3FdateRangeStart%3Dnow-1h%26statusFilter%3Ddown "}]}"""
      }
    }
  }
}

can you share the full exception including stack trace and message if available?

Thanks!

It's resolved now, seems like the error msg was throwing me off into the wrong direction when all I had to do was fill up the redacted pwd before simulating. Thanks for the response though.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.