Watcher Notifications via email and Slack

Mauricio_Borges · October 30, 2019, 6:21pm

Hi Everyone!
I am using ELK via Docker Compose and I am interesting to setup Watcher Notifications via email and integrated with Slack. Any step by step procedure to I achieve that ?

When I set commented lines below from elasticsearch.yml Kibana stay inaccessible I need setup my local server that has posfix workfing fine and relaying our outbounding messages. So idea here is not setup gmail, aws or outlook.

I am using any wrong parameter ?

xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
#xpack.notification.email:

default_account:

profile: standard

smtp:

auth: true

starttls.enable: false

host: localhost

port: 25

smtp_user: borgesm

password: blalalala

I am getting that output into elasticseach:
elasticsearch_1 | "Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.notification.email.default_account.smtp.host]
did you mean any of [xpack.notification.email.default_account, xpack.notification.slack.default_account]?",
Appreciate any help!
Mauricio

spinscale · October 31, 2019, 12:33pm

Watcher requires a gold/platinum or trial license. Are you using one of those licenses?

Also, please share your configuration file in a gist, so it is possible to follow indentation as this is crucially important to spot mistakes.

Lastly the Elasticsearch version being in use, would help a lot!

Thanks a lot!

Mauricio_Borges · October 31, 2019, 1:38pm

Hello Alexander!
1 - we are using trial version (v 7.3.1). Is valid till end of November.

Your Trial license is active
Your license will expire on November 28, 2019 9:59 PM -02

2 - Follow below elasticsearch.yml file content. if you need more config files I can attach at my google drive ...

cat elasticsearch.yml

Default Elasticsearch configuration from Elasticsearch base image.

https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

Use single node discovery in order to disable production mode and avoid bootstrap checks

see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html

discovery.type: single-node

X-Pack settings

see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html

xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
#xpack.notification.email.account:

default_account:

profile: standard

smtp:

auth: false

starttls.enable: false

host: localhost

port: 25

smtp_user: cloud_user

password: Jxxxxxa

spinscale · October 31, 2019, 2:59pm

as already stated in my last post, please put your configuration in a gist or pastebin, the formatting here makes it impossible to read it or figure out its indentation.

Mauricio_Borges · October 31, 2019, 4:45pm

https://pastebin.com/4THesYaK

Mauricio_Borges · October 31, 2019, 4:46pm

Sorry Alexander, now I gotcha...see if previous post from pastebin works. Thanks, Mauricio

Mauricio_Borges · November 2, 2019, 1:32am

Hi Alexander!
1 - Good news for "standard e-mail notifications"!
After remove entries smtp_users and password it's working properly!
https://pastebin.com/Xmu5fQy2
1.1 - For Gmail or Outlook I get message "no password specified" even have followed procedures below. However, since item 1 is working I am okay.
Here the logs ==> https://pastebin.com/CEXfAjew
https://www.elastic.co/guide/en/elasticsearch/reference/7.3/actions-email.html#gmail
https://www.elastic.co/guide/en/elasticsearch/reference/7.3/actions-email.html#outlook

2 - Slack integration :
I have follow procedure to [Configure Slack Account] , use keystore method to store secure slack url, however still facing "Erro testing action / An internal server error occurred at Kibana. Here more info about elasticsearch.yml, commands and outputs https://pastebin.com/edit/etWPVKWi

I see "invalid slack [monitoring] account settings." in the logs...

Appreciate any help!
Thanks, Mauricio

spinscale · November 4, 2019, 9:55am

Glad you advanced!

the pastebin website requires a login, can you put it somewhere public?

Mauricio_Borges · November 4, 2019, 11:23am

Hi Alexander!
Weird, it's set public, maybe it's forcing you sign up. I have put here.

Thanks again, Mauricio

spinscale · November 4, 2019, 1:40pm

See this slack error

[settings_exception] invalid slack [monitoring] account settings. missing required
       │ [secure_url]

How did you set up your slack account? Did you setup the secure_url on every keystore on all nodes in your cluster?

--Alex

Mauricio_Borges · November 8, 2019, 10:35pm

Hi Alexander!
It's working fine now! I have set the slack keystore into container, copied to host and target it into my compose file the keystore file. Thank you!
Mauricio

system · December 6, 2019, 10:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.