HI,
I want to create new threshold alert and alert should send via slack. I have configured my slack webhook URL on elasticsearch.yml. when i try to send sample i'm below error,
watcher:failed to send sample slack message to user
can you share the full output of the Execute Watch API of that particular watch please? Thank you!
Thanks for your reply
when i run the below command i got this response,
curl -XPOST "http://localhost:9200/_xpack/watcher/watch/55dffc80-aae3-41e0-a555-08cec8aab1a5/_execute"
{"_id":"55dffc80-aae3-41e0-a555-08cec8aab1a5_7f50223d-e204-4eb2-8210-beaab5f6e210-2018-10-16T11:29:02.139Z","watch_record":{"watch_id":"55dffc80-aae3-41e0-a555-08cec8aab1a5","node":"XIqSqBYTQQWQC1lBbTWepw","state":"executed","status":{"state":{"active":true,"timestamp":"2018-10-16T11:28:05.092Z"},"last_checked":"2018-10-16T11:29:02.139Z","last_met_condition":"2018-10-16T11:29:02.139Z","actions":{"slack_1":{"ack":{"timestamp":"2018-10-16T11:28:05.092Z","state":"awaits_successful_execution"},"last_execution":{"timestamp":"2018-10-16T11:29:02.139Z","successful":false,"reason":""}}},"execution_state":"executed","version":1},"trigger_event":{"type":"manual","triggered_time":"2018-10-16T11:29:02.139Z","manual":{"schedule":{"scheduled_time":"2018-10-16T11:29:02.139Z"}}},"input":{"search":{"request":{"search_type":"query_then_fetch","indices":["lomo-nemo-report-*"],"types":[],"body":{"size":0,"query":{"bool":{"filter":{"range":{"@timestamp":{"gte":"{{ctx.trigger.scheduled_time}}||-5m","lte":"{{ctx.trigger.scheduled_time}}","format":"strict_date_optional_time||epoch_millis"}}}}}}}}},"condition":{"script":{"source":"if (ctx.payload.hits.total > params.threshold) { return true; } return false;","lang":"painless","params":{"threshold":4}}},"metadata":{"name":"testing","watcherui":{"trigger_interval_unit":"m","agg_type":"count","time_field":"@timestamp","trigger_interval_size":1,"term_size":5,"time_window_unit":"m","threshold_comparator":">","term_field":null,"index":["lomo-nemo-report-*"],"time_window_size":5,"threshold":4,"agg_field":null},"xpack":{"type":"threshold"}},"result":{"execution_time":"2018-10-16T11:29:02.139Z","execution_duration":27,"input":{"type":"search","status":"success","payload":{"_shards":{"total":30,"failed":0,"successful":30,"skipped":0},"hits":{"hits":[],"total":21,"max_score":0.0},"took":4,"timed_out":false},"search":{"request":{"search_type":"query_then_fetch","indices":["lomo-nemo-report-*"],"types":[],"body":{"size":0,"query":{"bool":{"filter":{"range":{"@timestamp":{"gte":"2018-10-16T11:29:02.139Z||-5m","lte":"2018-10-16T11:29:02.139Z","format":"strict_date_optional_time||epoch_millis"}}}}}}}}},"condition":{"type":"script","status":"success","met":true},"transform":{"type":"script","status":"success","payload":{"result":21}},"actions":[{"id":"slack_1","type":"slack","status":"failure","slack":{"account":"monitoring","sent_messages":[{"status":"failure","error":{"root_cause":[{"type":"unknown_host_exception","reason":"hooks.slack.com: Name or service not known"}],"type":"unknown_host_exception","reason":"hooks.slack.com: Name or service not known"},"to":"Ganesh Elangovan","message":{"from":"Watcher","text":"Watch [testing] has exceeded the threshold"}}]}}]},"messages":[]}}
Check out this snippet:
This means, that somehow the system the watch is being executed on, cannot resolve hooks.slack.com via its DNS configuration. Could you verify that?
--Alex
how could i verify it @spinscale
logging into the system and using nslookup or host and try to resolve that slack hostname.
Thank you for your response @spinscale
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.