OpenSearch/x-pack/docs/en/watcher/actions/email.asciidoc

476 lines
21 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[[actions-email]]
=== Email action
Use the `email` action to send email notifications. To send email, you must
<<configuring-email, configure at least one email account>> in
`elasticsearch.yml`.
Email notifications can be plain text or styled using HTML. You can include
information from the watch execution payload using <<templates, templates>>
and attach the entire watch payload to the message.
See <<email-action-attributes>> for the supported attributes. Any attributes that
are missing from the email action definition are looked up in the email
account configuration. The required attributes must either be set in the email
action definition or the account's `email_defaults`.
[[configuring-email-actions]]
==== Configuring email actions
You configure email actions in the `actions` array. Action-specific attributes
are specified using the `email` keyword.
For example, the following email action uses a template to include data from
the watch payload in the email body:
[source,js]
--------------------------------------------------
"actions" : {
"send_email" : { <1>
"email" : { <2>
"to" : "username@example.org", <3>
"subject" : "Watcher Notification", <4>
"body" : "{{ctx.payload.hits.total.value}} error logs found" <5>
}
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The id of the action.
<2> The action type is set to `email`.
<3> One or more addresses to send the email to. Must be specified in the
action definition or in the email account configuration.
<4> The subject of the email can contain static text and Mustache <<templates,
templates>>.
<5> The body of the email can contain static text and Mustache <<templates,
templates>>. Must be specified in the action definition or in the email
account configuration.
[[configuring-email-attachments]]
==== Configuring email attachments
You can attach the execution context payload or data from an any HTTP service to
the email notification. There is no limit on the number of attachments you can
configure.
To configure attachments, specify a name for the attached file and the type of
attachment: `data`, `http` or `reporting`. The `data` attachment type attaches the execution
context payload to the email message. The `http` attachment type enables
you to issue an HTTP request and attach the response to the email message. When
configuring the `http` attachment type, you must specify the request URL. The
`reporting` attachment type is a special type to include PDF rendered dashboards
from kibana. This type is consistently polling the kibana app if the dashboard
rendering is done, preventing long running HTTP connections, that are potentially
killed by firewalls or load balancers in-between.
[source,js]
--------------------------------------------------
"actions" : {
"email_admin" : {
"email": {
"to": "John Doe <john.doe@example.com>",
"attachments" : {
"my_image.png" : { <1>
"http" : { <2>
"content_type" : "image/png",
"request" : {
"url": "http://example.org/foo/my-image.png" <3>
}
}
},
"dashboard.pdf" : {
"reporting" : {
"url": "http://example.org:5601/api/reporting/generate/dashboard/Error-Monitoring"
}
},
"data.yml" : {
"data" : {
"format" : "yaml" <4>
}
}
}
}
}
}
--------------------------------------------------
// NOTCONSOLE
<1> The ID of the attachment, which is used as the file name in the email
attachment.
<2> The type of the attachment and its specific configuration.
<3> The URL from which to retrieve the attachment.
<4> Data attachments default to JSON if you don't specify the format.
.`http` attachment type attributes
[options="header"]
|=====
| Name | Description
| `content_type` | Sets the content type for the email attachment. By default,
the content type is extracted from the response sent by the
HTTP service. You can explicitly specify the content type to
ensure that the type is set correctly in the email in case
the response does not specify the content type or it's specified
incorrectly. Optional.
| `inline` | Configures as an attachment to sent with disposition `inline`. This
allows the use of embedded images in HTML bodies, which are displayed
in certain email clients. Optional. Defaults to `false`.
| `request` | Contains the HTTP request attributes. At a minimum, you must
specify the `url` attribute to configure the host and path to
the service endpoint. See <<webhook-action-attributes>> for
the full list of HTTP request attributes. Required.
|=====
.`data` attachment type attributes
[options="header"]
|======
| Name | Description
| `format` | Attaches the watch data, equivalent to specifying `attach_data`
in the watch configuration. Possible values are `json` or `yaml`.
Defaults to `json` if not specified.
|======
.`reporting` attachment type attributes
[options="header"]
|======
| Name | Description
| `url` | The URL to trigger the dashboard creation
| `inline` | Configures as an attachment to sent with disposition `inline`. This
allows the use of embedded images in HTML bodies, which are displayed
in certain email clients. Optional. Defaults to `false`.
| `retries` | The reporting attachment type tries to poll regularly to receive the
created PDF. This configures the number of retries. Defaults to `40`.
The setting `xpack.notification.reporting.retries` can be configured
globally to change the default.
| `interval` | The time to wait between two polling tries. Defaults to `15s` (this
means, by default watcher tries to download a dashboard for 10 minutes,
forty times fifteen seconds). The setting `xpack.notification.reporting.interval`
can be configured globally to change the default.
| `request.auth` | Additional auth configuration for the request
| `request.proxy` | Additional proxy configuration for the request
|======
[[email-action-reports]]
===== Attaching reports to an email
You can use the `reporting` attachment type in an `email` action to automatically
generate a Kibana report and distribute it via email.
See {kibana-ref}/automating-report-generation.html[Automating report generation].
[[email-action-attributes]]
==== Email action attributes
[cols=",^,,", options="header"]
|======
| Name |Required | Default | Description
| `account` | no | the default account | The <<configuring-email, email account>> to use to send the email.
| `from` | no | - | The email <<email-address,address>> from which the email
will be sent. The `from` field can contain Mustache
<<templates, templates>> as long as it resolves to a
valid email address.
| `to` | yes | - | The email <<email-address,addresses>> of the `to` recipients.
The `to` field can contain Mustache <<templates, templates>>
as long as it resolves to a valid email address.
| `cc` | no | - | The email <<email-address,addresses>> of the `cc` recipients.
The `cc` field can contain Mustache <<templates, templates>>
as long as it resolves to a valid email address.
| `bcc` | no | - | The email <<email-address,addresses>> of the `bcc` recipients.
The `bcc` field can contain Mustache <<templates, templates>>
as long as it resolves to a valid email address.
| `reply_to` | no | - | The email <<email-address,addresses>> that will be set on the
message's `Reply-To` header. The `reply_to` field can contain
Mustache <<templates, templates>> as long as it resolves to
a valid email address.
| `subject` | no | - | The subject of the email. The subject can be static text or
contain Mustache <<templates, templates>>.
| `body` | no | - | The body of the email. When this field holds a string, it
will default to the text body of the email. Set as an object
to specify either the text or the html body or both (using
the fields below)
| `body.text` | no | - | The plain text body of the email. The body can be static text
or contain Mustache <<templates, templates>>.
| `body.html` | no | - | The html body of the email. The body can be static text or
contain Mustache <<templates, templates>>. This body will be
sanitized to remove dangerous content such as scripts. This
behavior can be disabled by setting
`xpack.notification.email.html.sanitization.enabled: false` in
`elasticsearch.yaml`.
| `priority` | no | - | The priority of this email. Valid values are: `lowest`, `low`,
`normal`, `high` and `highest`. The priority can contain a
Mustache <<templates, template>> as long as it resolves to
one of the valid values.
| `attachments` | no | - | Attaches the watch payload (`data` attachment) or a file
retrieved from an HTTP service (`http` attachment) to the
email. For more information, see
<<configuring-email-attachments, Configuring Email Attachments>>.
| `attach_data` | no | false | Indicates whether the watch execution data should be attached
to the email. You can specify a Boolean value or an object.
If `attach_data` is set to `true`, the data is attached as a
YAML file. This attribute is deprecated, use the `attachments`
attribute to add a `data` attachment to attach the watch payload.
| `attach_data.format` | no | yaml | When `attach_data` is specified as an object, this field
controls the format of the attached data. The supported formats
are `json` and `yaml`. This attribute is deprecated, use the
`attachments` attribute to add a `data` attachment to attach
the watch payload.
|======
[[email-address]]
Email Address::
An email address can contain two possible parts--the address itself and an
optional personal name as described in http://www.ietf.org/rfc/rfc822.txt[RFC 822].
The address can be represented either as a string of the form `user@host.domain`
or `Personal Name <user@host.domain>`. You can also specify an email address as
an object that contains `name` and `address` fields.
[[address-list]]
Address List::
A list of addresses can be specified as a an
array: `[ 'Personal Name <user1@host.domain>', 'user2@host.domain' ]`.
[[configuring-email]]
==== Configuring email accounts
{watcher} can send email using any SMTP email service. Email
messages can contain basic HTML tags. You can control which groups of tags are
allowed by <<email-html-sanitization, Configuring HTML Sanitization Options>>.
You configure the accounts {watcher} can use to send email in the
`xpack.notification.email` namespace in `elasticsearch.yml`.
If your email account is configured to require two step verification, you need
to generate and use a unique App Password to send email from {watcher}.
Authentication will fail if you use your primary password.
IMPORTANT: Currently, neither Watcher nor Shield provide a mechanism to encrypt
settings in `elasticsearch.yml`. Because the email account credentials appear
in plain text, you should limit access to `elasticsearch.yml` to the user that
you use to run Elasticsearch.
[[email-profile]]
{watcher} provides three email profiles that control how MIME messages are
structured: `standard` (default), `gmail`, and `outlook`. These profiles
accommodate differences in how various email systems interpret the MIME
standard. If you are using Gmail or Outlook, we recommend using the
corresponding profile. Use the `standard` profile if you are using another
email system.
For more information about configuring {watcher} to work with different email
systems, see:
* <<gmail>>
* <<outlook>>
* <<exchange>>
* <<amazon-ses>>
If you configure multiple email accounts, you must either configure a default
account or specify which account the email should be sent with in the
<<actions-email,`email`>> action.
[source,yaml]
--------------------------------------------------
xpack.notification.email:
default_account: team1
account:
team1:
...
team2:
...
--------------------------------------------------
[float]
[[gmail]]
===== Sending email from Gmail
Use the following email account settings to send email from the
https://mail.google.com[Gmail] SMTP service:
[source,yaml]
--------------------------------------------------
xpack.notification.email.account:
gmail_account:
profile: gmail
smtp:
auth: true
starttls.enable: true
host: smtp.gmail.com
port: 587
user: <username>
--------------------------------------------------
In order to store the account SMTP password, use the keystore command
(see {ref}/secure-settings.html[secure settings])
[source,yaml]
--------------------------------------------------
bin/elasticsearch-keystore add xpack.notification.email.account.gmail_account.smtp.secure_password
--------------------------------------------------
If you get an authentication error that indicates that you need to continue the
sign-in process from a web browser when {watcher} attempts to send email, you need
to configure Gmail to https://support.google.com/accounts/answer/6010255?hl=en[Allow
Less Secure Apps to access your account].
If two-step verification is enabled for your account, you must generate and use
a unique App Password to send email from {watcher}. See
https://support.google.com/accounts/answer/185833?hl=en[Sign in using App Passwords]
for more information.
[float]
[[outlook]]
===== Sending email from Outlook.com
Use the following email account settings to send email action from the
https://www.outlook.com/[Outlook.com] SMTP service:
[source,yaml]
--------------------------------------------------
xpack.notification.email.account:
outlook_account:
profile: outlook
smtp:
auth: true
starttls.enable: true
host: smtp-mail.outlook.com
port: 587
user: <email.address>
--------------------------------------------------
In order to store the account SMTP password, use the keystore command
(see {ref}/secure-settings.html[secure settings])
[source,yaml]
--------------------------------------------------
bin/elasticsearch-keystore add xpack.notification.email.account.outlook_account.smtp.secure_password
--------------------------------------------------
When sending emails, you have to provide a from address, either a default one
in your account configuration or as part of the email action in the watch.
NOTE: You need to use a unique App Password if two-step verification is enabled.
See http://windows.microsoft.com/en-us/windows/app-passwords-two-step-verification[App
passwords and two-step verification] for more information.
[float]
[[amazon-ses]]
===== Sending email from Amazon SES (Simple Email Service)
Use the following email account settings to send email from the
http://aws.amazon.com/ses[Amazon Simple Email Service] (SES) SMTP service:
[source,yaml]
--------------------------------------------------
xpack.notification.email.account:
ses_account:
smtp:
auth: true
starttls.enable: true
starttls.required: true
host: email-smtp.us-east-1.amazonaws.com <1>
port: 587
user: <username>
--------------------------------------------------
<1> `smtp.host` varies depending on the region
In order to store the account SMTP password, use the keystore command
(see {ref}/secure-settings.html[secure settings])
[source,yaml]
--------------------------------------------------
bin/elasticsearch-keystore add xpack.notification.email.account.ses_account.smtp.secure_password
--------------------------------------------------
NOTE: You need to use your Amazon SES SMTP credentials to send email through
Amazon SES. For more information, see
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html[Obtaining
Your Amazon SES SMTP Credentials]. You might also need to verify
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html[your email address]
or https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html[your whole domain]
at AWS.
[float]
[[exchange]]
===== Sending email from Microsoft Exchange
Use the following email account settings to send email action from Microsoft
Exchange:
[source,yaml]
--------------------------------------------------
xpack.notification.email.account:
exchange_account:
profile: outlook
email_defaults:
from: <email address of service account> <1>
smtp:
auth: true
starttls.enable: true
host: <your exchange server>
port: 587
user: <email address of service account> <2>
--------------------------------------------------
<1> Some organizations configure Exchange to validate that the `from` field is a
valid local email account.
<2> Many organizations support use of your email address as your username, though
it is a good idea to check with your system administrator if you receive
authentication-related failures.
In order to store the account SMTP password, use the keystore command
(see {ref}/secure-settings.html[secure settings])
[source,yaml]
--------------------------------------------------
bin/elasticsearch-keystore add xpack.notification.email.account.exchange_account.smtp.secure_password
--------------------------------------------------
[float]
[[email-html-sanitization]]
===== Configuring HTML sanitization options
The `email` action supports sending messages with an HTML body. However, for
security reasons, {watcher} https://en.wikipedia.org/wiki/HTML_sanitization[sanitizes]
the HTML.
You can control which HTML features are allowed or disallowed by configuring the
`xpack.notification.email.html.sanitization.allow` and
`xpack.notification.email.html.sanitization.disallow` settings in
`elasticsearch.yml`. You can specify individual HTML elements and
{ref}/notification-settings.html#html-feature-groups[HTML feature groups]. By default, {watcher} allows the following
features: `body`, `head`, `_tables`, `_links`, `_blocks`, `_formatting` and
`img:embedded`.
For example, the following settings allow the HTML to contain tables and block
elements, but disallow `<h4>`, `<h5>` and `<h6>` tags.
[source,yaml]
--------------------------------------------------
xpack.notification.email.html.sanitization:
allow: _tables, _blocks
disallow: h4, h5, h6
--------------------------------------------------
To disable sanitization entirely, add the following setting to
`elasticsearch.yml`:
[source,yaml]
--------------------------------------------------
xpack.notification.email.html.sanitization.enabled: false
--------------------------------------------------