You configure Watcher settings to set up Watcher and send notifications via email, Slack, and PagerDuty.
All of these settings can be added to the elasticsearch.yml
configuration file,
with the exception of the secure settings, which you add to the Elasticsearch keystore.
For more information about creating and updating the Elasticsearch keystore, see
Secure settings. Dynamic settings can also be updated across a cluster with the
cluster update settings API.
xpack.watcher.enabled
false
to disable Watcher on the node.
xpack.watcher.encrypt_sensitive_data
true
to encrypt sensitive data. If this setting is enabled, you
must also specify the xpack.watcher.encryption_key
setting. For more
information, see
Encrypting sensitive data in Watcher.
xpack.watcher.encryption_key
(Secure)
xpack.watcher.encrypt_sensitive_data
is set to true
, this setting is
required. For more information, see
Encrypting sensitive data in Watcher.
xpack.watcher.history.cleaner_service.enabled
[6.3.0]
Added in 6.3.0.
Default changed to true
.
[7.0.0]
Deprecated in 7.0.0.
Watcher history indices are now managed by the watch-history-ilm-policy
ILM policy
Set to true
(default) to enable the cleaner service. If this setting is
true
, the xpack.monitoring.enabled
setting must also be set to true
with
a local exporter enabled. The cleaner service removes previous versions of
Watcher indices (for example, .watcher-history*
) when it determines that
they are old. The duration of Watcher indices is determined by the
xpack.monitoring.history.duration
setting, which defaults to 7 days. For
more information about that setting, see Monitoring settings.
xpack.http.proxy.host
xpack.http.proxy.port
xpack.http.default_connection_timeout
xpack.http.default_read_timeout
xpack.http.max_response_size
10mb
, the maximum configurable value is 50mb
.
xpack.http.whitelist
*
allowing everything. Note: If you configure this setting and you are using one
of the slack/pagerduty actions, you have to ensure that the
corresponding endpoints are whitelisted as well.
You can configure the following TLS/SSL settings. If the settings are not configured, the Default TLS/SSL Settings are used.
xpack.http.ssl.supported_protocols
SSLv2Hello
,
SSLv3
, TLSv1
, TLSv1.1
, TLSv1.2
, TLSv1.3
. Defaults to TLSv1.3,TLSv1.2,TLSv1.1
if
the JVM supports TLSv1.3, otherwise TLSv1.2,TLSv1.1
.
xpack.http.ssl.verification_mode
none
,
certificate
, and full
. Defaults to full
.
xpack.http.ssl.cipher_suites
The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. A private key and certificate are optional and would be used if the server requires client authentication for PKI authentication. If none of the settings below are specified, the Default TLS/SSL Settings are used.
When using PEM encoded files, use the following settings:
xpack.http.ssl.key
xpack.http.ssl.key_passphrase
xpack.http.ssl.secure_key_passphrase
(Secure)
xpack.http.ssl.certificate
xpack.http.ssl.certificate_authorities
When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
xpack.http.ssl.keystore.path
xpack.http.ssl.keystore.password
xpack.http.ssl.keystore.secure_password
(Secure)
xpack.http.ssl.keystore.key_password
xpack.http.ssl.keystore.password
.
xpack.http.ssl.keystore.secure_key_password
(Secure)
xpack.http.ssl.truststore.path
xpack.http.ssl.truststore.password
xpack.http.ssl.truststore.secure_password
(Secure)
Elasticsearch can be configured to use PKCS#12 container files (.p12
or .pfx
files)
that contain the private key, certificate and certificates that should be trusted.
PKCS#12 files are configured in the same way as Java Keystore Files:
xpack.http.ssl.keystore.path
xpack.http.ssl.keystore.type
PKCS12
to indicate that the keystore is a PKCS#12 file.
xpack.http.ssl.keystore.password
xpack.http.ssl.keystore.secure_password
(Secure)
xpack.http.ssl.keystore.key_password
xpack.http.ssl.keystore.password
.
xpack.http.ssl.keystore.secure_key_password
(Secure)
xpack.http.ssl.truststore.path
xpack.http.ssl.truststore.type
PKCS12
to indicate that the truststore is a PKCS#12 file.
xpack.http.ssl.truststore.password
xpack.http.ssl.truststore.secure_password
(Secure)
Elasticsearch can be configured to use a PKCS#11 token that contains the private key, certificate and certificates that should be trusted.
PKCS#11 token require additional configuration on the JVM level and can be enabled via the following settings:
xpack.http.keystore.type
PKCS11
to indicate that the PKCS#11 token should be used as a keystore.
xpack.http.truststore.type
PKCS11
to indicate that the PKCS#11 token should be used as a truststore.
When configuring the PKCS#11 token that your JVM is configured to use as
a keystore or a truststore for Elasticsearch, the PIN for the token can be
configured by setting the appropriate value to ssl.truststore.password
or ssl.truststore.secure_password
in the context that you are configuring.
Since there can only be one PKCS#11 token configured, only one keystore and
truststore will be usable for configuration in Elasticsearch. This in turn means
that only one certificate can be used for TLS both in the transport and the
http layer.
You can configure the following email notification settings in
elasticsearch.yml
. For more information about sending notifications
via email, see Configuring Email.
xpack.notification.email.account
Specifies account information for sending notifications via email. You can specify the following email account attributes:
profile
(Dynamic)
standard
, gmail
and
outlook
. Defaults to standard
.
email_defaults.*
(Dynamic)
smtp.auth
(Dynamic)
true
to attempt to authenticate the user using the
AUTH command. Defaults to false
.
smtp.host
(Dynamic)
smtp.port
(Dynamic)
smtp.user
(Dynamic)
smtp.secure_password
(Secure)
smtp.starttls.enable
(Dynamic)
true
to enable the use of the STARTTLS
command (if supported by the server) to switch the connection to a
TLS-protected connection before issuing any login commands. Note that
an appropriate trust store must configured so that the client will
trust the server’s certificate. Defaults to false
.
smtp.starttls.required
(Dynamic)
true
, then STARTTLS
will be required. If that command fails, the
connection will fail. Defaults to false
.
smtp.ssl.trust
(Dynamic)
smtp.timeout
(Dynamic)
smtp.connection_timeout
(Dynamic)
smtp.write_timeout
(Dynamic)
smtp.local_address
(Dynamic)
smtp.local_port
(Dynamic)
smtp.send_partial
(Dynamic)
smtp.wait_on_quit
(Dynamic)
xpack.notification.email.html.sanitization.allow
Specifies the HTML elements that are allowed in email notifications. For more information, see Configuring HTML Sanitization Options. You can specify individual HTML elements and the following HTML feature groups:
_tables
<table>
, <th>
, <tr>
and <td>
.
_blocks
<p>
, <div>
, <h1>
,
<h2>
, <h3>
, <h4>
, <h5>
, <h6>
, <ul>
, <ol>
,
<li>
, and <blockquote>
.
_formatting
<b>
, <i>
,
<s>
, <u>
, <o>
, <sup>
, <sub>
, <ins>
, <del>
,
<strong>
, <strike>
, <tt>
, <code>
, <big>
,
<small>
, <br>
, <span>
, and <em>
.
_links
<a>
element with an href
attribute that points
to a URL using the following protocols: http
, https
and mailto
.
_styles
style
attribute on all elements. Note that CSS
attributes are also sanitized to prevent XSS attacks.
img
,
img:all
img:embedded
cid:
URL protocol in their src
attribute.
xpack.notification.email.html.sanitization.disallow
xpack.notification.email.html.sanitization.enabled
false
to completely disable HTML sanitation. Not recommended.
Defaults to true
.
You can configure the following Slack notification settings in
elasticsearch.yml
. For more information about sending notifications
via Slack, see Configuring Slack.
xpack.notification.slack
Specifies account information for sending notifications via Slack. You can specify the following Slack account attributes:
secure_url
(Secure)
message_defaults.from
message_defaults.to
message_defaults.icon
message_defaults.text
message_defaults.attachment
You can configure the following Jira notification settings in
elasticsearch.yml
. For more information about using notifications
to create issues in Jira, see Configuring Jira.
xpack.notification.jira
Specifies account information for using notifications to create issues in Jira. You can specify the following Jira account attributes:
secure_url
(Secure)
secure_user
(Secure)
secure_password
(Secure)
issue_defaults
You can configure the following PagerDuty notification settings in
elasticsearch.yml
. For more information about sending notifications
via PagerDuty, see Configuring PagerDuty.
xpack.notification.pagerduty
Specifies account information for sending notifications via PagerDuty. You can specify the following PagerDuty account attributes:
name
secure_service_api_key
(Secure)
event_defaults
description
description
.
incident_key
client
client_url
event_type
trigger
,resolve
, acknowledge
.
attach_payload
true
, false
.