[role="xpack"] [[actions-email]] === Email action Use the `email` action to send email notifications. To send email, you must <> in `elasticsearch.yml`. Email notifications can be plain text or styled using HTML. You can include information from the watch execution payload using <> and attach the entire watch payload to the message. See <> for the supported attributes. Any attributes that are missing from the email action definition are looked up in the email account configuration. The required attributes must either be set in the email action definition or the account's `email_defaults`. [[configuring-email-actions]] ==== Configuring email actions You configure email actions in the `actions` array. Action-specific attributes are specified using the `email` keyword. For example, the following email action uses a template to include data from the watch payload in the email body: [source,js] -------------------------------------------------- "actions" : { "send_email" : { <1> "email" : { <2> "to" : "username@example.org", <3> "subject" : "Watcher Notification", <4> "body" : "{{ctx.payload.hits.total}} error logs found" <5> } } } -------------------------------------------------- // NOTCONSOLE <1> The id of the action. <2> The action type is set to `email`. <3> One or more addresses to send the email to. Must be specified in the action definition or in the email account configuration. <4> The subject of the email can contain static text and Mustache <>. <5> The body of the email can contain static text and Mustache <>. Must be specified in the action definition or in the email account configuration. [[configuring-email-attachments]] ==== Configuring email attachments You can attach the execution context payload or data from an any HTTP service to the email notification. There is no limit on the number of attachments you can configure. To configure attachments, specify a name for the attached file and the type of attachment: `data`, `http` or `reporting`. The `data` attachment type attaches the execution context payload to the email message. The `http` attachment type enables you to issue an HTTP request and attach the response to the email message. When configuring the `http` attachment type, you must specify the request URL. The `reporting` attachment type is a special type to include PDF rendered dashboards from kibana. This type is consistently polling the kibana app if the dashboard rendering is done, preventing long running HTTP connections, that are potentially killed by firewalls or load balancers in-between. [source,js] -------------------------------------------------- "actions" : { "email_admin" : { "email": { "to": "John Doe ", "attachments" : { "my_image.png" : { <1> "http" : { <2> "content_type" : "image/png", "request" : { "url": "http://example.org/foo/my-image.png" <3> } } }, "dashboard.pdf" : { "reporting" : { "url": "http://example.org:5601/api/reporting/generate/dashboard/Error-Monitoring" } }, "data.yml" : { "data" : { "format" : "yaml" <4> } } } } } } -------------------------------------------------- // NOTCONSOLE <1> The ID of the attachment, which is used as the file name in the email attachment. <2> The type of the attachment and its specific configuration. <3> The URL from which to retrieve the attachment. <4> Data attachments default to JSON if you don't specify the format. .`http` attachment type attributes [options="header"] |===== | Name | Description | `content_type` | Sets the content type for the email attachment. By default, the content type is extracted from the response sent by the HTTP service. You can explicitly specify the content type to ensure that the type is set correctly in the email in case the response does not specify the content type or it's specified incorrectly. Optional. | `inline` | Configures as an attachment to sent with disposition `inline`. This allows the use of embedded images in HTML bodies, which are displayed in certain email clients. Optional. Defaults to `false`. | `request` | Contains the HTTP request attributes. At a minimum, you must specify the `url` attribute to configure the host and path to the service endpoint. See <> for the full list of HTTP request attributes. Required. |===== .`data` attachment type attributes [options="header"] |====== | Name | Description | `format` | Attaches the watch data, equivalent to specifying `attach_data` in the watch configuration. Possible values are `json` or `yaml`. Defaults to `json` if not specified. |====== .`reporting` attachment type attributes [options="header"] |====== | Name | Description | `url` | The URL to trigger the dashboard creation | `inline` | Configures as an attachment to sent with disposition `inline`. This allows the use of embedded images in HTML bodies, which are displayed in certain email clients. Optional. Defaults to `false`. | `retries` | The reporting attachment type tries to poll regularly to receive the created PDF. This configures the number of retries. Defaults to `40`. The setting `xpack.notification.reporting.retries` can be configured globally to change the default. | `interval` | The time to wait between two polling tries. Defaults to `15s` (this means, by default watcher tries to download a dashboard for 10 minutes, forty times fifteen seconds). The setting `xpack.notification.reporting.interval` can be configured globally to change the default. | `request.auth` | Additional auth configuration for the request | `request.proxy` | Additional proxy configuration for the request |====== [[email-action-reports]] ===== Attaching reports to an email You can use the `reporting` attachment type in an `email` action to automatically generate a Kibana report and distribute it via email. See {kibana-ref}/automating-report-generation.html[Automating report generation]. [[email-action-attributes]] ==== Email action attributes [cols=",^,,", options="header"] |====== | Name |Required | Default | Description | `account` | no | the default account | The <> to use to send the email. | `from` | no | - | The email <> from which the email will be sent. The `from` field can contain Mustache <> as long as it resolves to a valid email address. | `to` | yes | - | The email <> of the `to` recipients. The `to` field can contain Mustache <> as long as it resolves to a valid email address. | `cc` | no | - | The email <> of the `cc` recipients. The `cc` field can contain Mustache <> as long as it resolves to a valid email address. | `bcc` | no | - | The email <> of the `bcc` recipients. The `bcc` field can contain Mustache <> as long as it resolves to a valid email address. | `reply_to` | no | - | The email <> that will be set on the message's `Reply-To` header. The `reply_to` field can contain Mustache <> as long as it resolves to a valid email address. | `subject` | no | - | The subject of the email. The subject can be static text or contain Mustache <>. | `body` | no | - | The body of the email. When this field holds a string, it will default to the text body of the email. Set as an object to specify either the text or the html body or both (using the fields below) | `body.text` | no | - | The plain text body of the email. The body can be static text or contain Mustache <>. | `body.html` | no | - | The html body of the email. The body can be static text or contain Mustache <>. This body will be sanitized to remove dangerous content such as scripts. This behavior can be disabled by setting `xpack.notification.email.html.sanitization.enabled: false` in `elasticsearch.yaml`. | `priority` | no | - | The priority of this email. Valid values are: `lowest`, `low`, `normal`, `high` and `highest`. The priority can contain a Mustache <> as long as it resolves to one of the valid values. | `attachments` | no | - | Attaches the watch payload (`data` attachment) or a file retrieved from an HTTP service (`http` attachment) to the email. For more information, see <>. | `attach_data` | no | false | Indicates whether the watch execution data should be attached to the email. You can specify a Boolean value or an object. If `attach_data` is set to `true`, the data is attached as a YAML file. This attribute is deprecated, use the `attachments` attribute to add a `data` attachment to attach the watch payload. | `attach_data.format` | no | yaml | When `attach_data` is specified as an object, this field controls the format of the attached data. The supported formats are `json` and `yaml`. This attribute is deprecated, use the `attachments` attribute to add a `data` attachment to attach the watch payload. |====== [[email-address]] Email Address:: An email address can contain two possible parts--the address itself and an optional personal name as described in http://www.ietf.org/rfc/rfc822.txt[RFC 822]. The address can be represented either as a string of the form `user@host.domain` or `Personal Name `. You can also specify an email address as an object that contains `name` and `address` fields. [[address-list]] Address List:: A list of addresses can be specified as a an array: `[ 'Personal Name ', 'user2@host.domain' ]`. [[configuring-email]] ==== Configuring email accounts {watcher} can send email using any SMTP email service. Email messages can contain basic HTML tags. You can control which groups of tags are allowed by <>. You configure the accounts {watcher} can use to send email in the `xpack.notification.email` namespace in `elasticsearch.yml`. If your email account is configured to require two step verification, you need to generate and use a unique App Password to send email from {watcher}. Authentication will fail if you use your primary password. IMPORTANT: Currently, neither Watcher nor Shield provide a mechanism to encrypt settings in `elasticsearch.yml`. Because the email account credentials appear in plain text, you should limit access to `elasticsearch.yml` to the user that you use to run Elasticsearch. [[email-profile]] {watcher} provides three email profiles that control how MIME messages are structured: `standard` (default), `gmail`, and `outlook`. These profiles accommodate differences in how various email systems interpret the MIME standard. If you are using Gmail or Outlook, we recommend using the corresponding profile. Use the `standard` profile if you are using another email system. For more information about configuring {watcher} to work with different email systems, see: * <> * <> * <> * <> If you configure multiple email accounts, you must either configure a default account or specify which account the email should be sent with in the <> action. [source,yaml] -------------------------------------------------- xpack.notification.email: default_account: team1 account: team1: ... team2: ... -------------------------------------------------- [float] [[gmail]] ===== Sending email from Gmail Use the following email account settings to send email from the https://mail.google.com[Gmail] SMTP service: [source,yaml] -------------------------------------------------- xpack.notification.email.account: gmail_account: profile: gmail smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: -------------------------------------------------- In order to store the account SMTP password, use the keystore command (see {ref}/secure-settings.html[secure settings]) [source,yaml] -------------------------------------------------- bin/elasticsearch-keystore add xpack.notification.email.account.gmail_account.smtp.secure_password -------------------------------------------------- If you get an authentication error that indicates that you need to continue the sign-in process from a web browser when {watcher} attempts to send email, you need to configure Gmail to https://support.google.com/accounts/answer/6010255?hl=en[Allow Less Secure Apps to access your account]. If two-step verification is enabled for your account, you must generate and use a unique App Password to send email from {watcher}. See https://support.google.com/accounts/answer/185833?hl=en[Sign in using App Passwords] for more information. [float] [[outlook]] ===== Sending email from Outlook.com Use the following email account settings to send email action from the https://www.outlook.com/[Outlook.com] SMTP service: [source,yaml] -------------------------------------------------- xpack.notification.email.account: outlook_account: profile: outlook smtp: auth: true starttls.enable: true host: smtp-mail.outlook.com port: 587 user: -------------------------------------------------- In order to store the account SMTP password, use the keystore command (see {ref}/secure-settings.html[secure settings]) [source,yaml] -------------------------------------------------- bin/elasticsearch-keystore add xpack.notification.email.account.outlook_account.smtp.secure_password -------------------------------------------------- When sending emails, you have to provide a from address, either a default one in your account configuration or as part of the email action in the watch. NOTE: You need to use a unique App Password if two-step verification is enabled. See http://windows.microsoft.com/en-us/windows/app-passwords-two-step-verification[App passwords and two-step verification] for more information. [float] [[amazon-ses]] ===== Sending email from Amazon SES (Simple Email Service) Use the following email account settings to send email from the http://aws.amazon.com/ses[Amazon Simple Email Service] (SES) SMTP service: [source,yaml] -------------------------------------------------- xpack.notification.email.account: ses_account: smtp: auth: true starttls.enable: true starttls.required: true host: email-smtp.us-east-1.amazonaws.com <1> port: 587 user: -------------------------------------------------- <1> `smtp.host` varies depending on the region In order to store the account SMTP password, use the keystore command (see {ref}/secure-settings.html[secure settings]) [source,yaml] -------------------------------------------------- bin/elasticsearch-keystore add xpack.notification.email.account.ses_account.smtp.secure_password -------------------------------------------------- NOTE: You need to use your Amazon SES SMTP credentials to send email through Amazon SES. For more information, see http://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html[Obtaining Your Amazon SES SMTP Credentials]. You might also need to verify https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html[your email address] or https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html[your whole domain] at AWS. [float] [[exchange]] ===== Sending email from Microsoft Exchange Use the following email account settings to send email action from Microsoft Exchange: [source,yaml] -------------------------------------------------- xpack.notification.email.account: exchange_account: profile: outlook email_defaults: from: <1> smtp: auth: true starttls.enable: true host: port: 587 user: <2> -------------------------------------------------- <1> Some organizations configure Exchange to validate that the `from` field is a valid local email account. <2> Many organizations support use of your email address as your username, though it is a good idea to check with your system administrator if you receive authentication-related failures. In order to store the account SMTP password, use the keystore command (see {ref}/secure-settings.html[secure settings]) [source,yaml] -------------------------------------------------- bin/elasticsearch-keystore add xpack.notification.email.account.exchange_account.smtp.secure_password -------------------------------------------------- [float] [[email-html-sanitization]] ===== Configuring HTML sanitization options The `email` action supports sending messages with an HTML body. However, for security reasons, {watcher} https://en.wikipedia.org/wiki/HTML_sanitization[sanitizes] the HTML. You can control which HTML features are allowed or disallowed by configuring the `xpack.notification.email.html.sanitization.allow` and `xpack.notification.email.html.sanitization.disallow` settings in `elasticsearch.yml`. You can specify individual HTML elements and {ref}/notification-settings.html#html-feature-groups[HTML feature groups]. By default, {watcher} allows the following features: `body`, `head`, `_tables`, `_links`, `_blocks`, `_formatting` and `img:embedded`. For example, the following settings allow the HTML to contain tables and block elements, but disallow `

`, `

` and `
` tags. [source,yaml] -------------------------------------------------- xpack.notification.email.html.sanitization: allow: _tables, _blocks disallow: h4, h5, h6 -------------------------------------------------- To disable sanitization entirely, add the following setting to `elasticsearch.yml`: [source,yaml] -------------------------------------------------- xpack.notification.email.html.sanitization.enabled: false --------------------------------------------------