Watcher log return code 401

Hi all,

I am new to using Watcher to monitor logs. I created a watch by following the Elasticsearch documents:

$curl -XPUT -u es_admin:iiiiii 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{
    "trigger": {
        "schedule": {
            "interval": "10s"
        }
    },
    "input": {
        "search": {
            "request": {
                "indices": [
                    "logstash-miki-*"
                ],
                "body": {
                    "query": {
                        "match": {
                            "message": "error"
                        }
                    }
                }
            }
        }
    },
    "actions": {
        "log_error": {
            "logging": {
                "text": "Found error log"
            }
        }
    }
}'

Result is

{"_id":"log_error_watch","_version":8420,"created":true}

Then I query the Watch log index:

$curl -XGET -u es_admin:iiiiii 'http://localhost:9200/.watch_history-2015.09.07/_search?pretty'

Some succeed, but I get a 401 status in Cluster Health:

  "_index" : ".watch_history-2015.09.07",
  "_type" : "watch_record",
  "_id" : "log_error_watch_23168-2015-09-07T00:00:59.759Z",
  "_score" : 1.0,
  "_source":{"watch_id":"log_error_watch","state":"executed","trigger_event":{"type":"schedule","triggered_time":"2015-09-07T00:00:59.759Z","schedule":{"scheduled_time":"2015-09-07T00:00:59.600Z"}},"input":{"search":{"request":{"search_type":"query_then_fetch","indices":["logs"],"types":[],"body":{"query":{"match":{"message":"error"}}}}}},"condition":{"always":{}},"messages":[],"result":{"execution_time":"2015-09-07T00:00:59.759Z","execution_duration":0,"input":{"type":"search","status":"success","payload":{"_shards":{"total":0,"failed":0,"successful":0},"hits":{"hits":[],"total":0,"max_score":0.0},"took":1,"timed_out":false},"search":{"request":{"search_type":"query_then_fetch","indices":["logs"],"types":[],"template":{"template":{"query":{"match":{"message":"error"}}},"params":{"ctx":{"metadata":null,"watch_id":"log_error_watch","id":"log_error_watch_23168-2015-09-07T00:00:59.759Z","trigger":{"triggered_time":"2015-09-07T00:00:59.759Z","scheduled_time":"2015-09-07T00:00:59.600Z"},"vars":{},"execution_time":"2015-09-07T00:00:59.759Z"}}}}}},"condition":{"type":"always","status":"success","met":true},"actions":[]}}
}, {
  "_index" : ".watch_history-2015.09.07",
  "_type" : "watch_record",
  "_id" : "cluster_health_watch_23168-2015-09-07T00:00:59.759Z",
  "_score" : 1.0,
  "_source":{"watch_id":"cluster_health_watch","state":"executed","trigger_event":{"type":"schedule","triggered_time":"2015-09-07T00:00:59.759Z","schedule":{"scheduled_time":"2015-09-07T00:00:59.600Z"}},"input":{"http":{"request":{"scheme":"http","host":"localhost","port":9200,"method":"get","path":"/_cluster/health","params":{},"headers":{}}}},"condition":{"always":{}},"messages":[],"result":{"execution_time":"2015-09-07T00:00:59.759Z","execution_duration":2,"input":{"type":"http","status":"success","payload":{},"http":{"request":{"host":"localhost","port":9200,"scheme":"http","method":"get","path":"/_cluster/health"},"status_code":401}},"condition":{"type":"always","status":"success","met":true},"actions":[]}}
} 

Is this normal?

Jason

A 401 would seem to suggest there is a problem with your authentication.
What are you using?

Hi Mark,

I query the Watcher API as "es_admin" (admin). The following are the details of es_admin. Is something wrong with my elasticsearch.yml?

$/usr/share/elasticsearch/bin/shield/esusers list
kibana4-server : kibana4_server
allen          : frankyindex,kibana4
franky         : kibana4_monitoring
jason          : kibana4
es_admin       : admin
kibana         : kibana4

$vi /etc/elasticsearch/shield/roles.yml
# All cluster rights
# All operations on all indices
admin:
  cluster: all
  indices:
    '*': all
....
....

Are there any ideas?
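
A triage check over the watch history hits shown in the first post, as an added example that is not part of the original thread: it flags HTTP inputs that got a non-2xx reply even though the record reports state "executed" and input status "success", and notes whether the recorded request carried credentials. The function names and the rule that credentials would appear as an `auth` block or an `Authorization` header are assumptions; the sample hits are constructed, trimmed copies of the two records above.

```python
import json

# Constructed sample: the two watch_record hits from the thread, trimmed to the
# fields this check reads.
SAMPLE_HITS = json.loads("""
[{"_source": {"watch_id": "log_error_watch", "state": "executed",
   "input": {"search": {"request": {"indices": ["logs"]}}},
   "result": {"input": {"type": "search", "status": "success"}}}},
 {"_source": {"watch_id": "cluster_health_watch", "state": "executed",
   "input": {"http": {"request": {"host": "localhost", "port": 9200,
     "method": "get", "path": "/_cluster/health", "headers": {}}}},
   "result": {"input": {"type": "http", "status": "success", "payload": {},
     "http": {"status_code": 401}}}}}]
""")


def sends_credentials(request):
    # Assumption: credentials appear as an `auth` block or Authorization header.
    headers = request.get("headers") or {}
    return "auth" in request or any(h.lower() == "authorization" for h in headers)


def failed_http_inputs(hits):
    """Return one finding per watch_record whose HTTP input got a non-2xx reply."""
    findings = []
    for hit in hits:
        src = hit["_source"]
        res = src.get("result", {}).get("input", {})
        if res.get("type") != "http":
            continue  # search inputs carry no HTTP status code
        code = res.get("http", {}).get("status_code")
        if code is None or 200 <= code < 300:
            continue
        req = src.get("input", {}).get("http", {}).get("request", {})
        findings.append({
            "watch_id": src["watch_id"],
            "status_code": code,
            "reported_input_status": res.get("status"),  # "success" despite 401
            "payload_empty": not res.get("payload"),
            "sends_credentials": sends_credentials(req),
        })
    return findings


if __name__ == "__main__":
    for finding in failed_http_inputs(SAMPLE_HITS):
        print(json.dumps(finding))
```

To run it against a live cluster, pass the `hits.hits` array from the `.watch_history-*` search response to `failed_http_inputs`.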