Can't get webhook to work when CURL does

dpresbit · April 2, 2019, 1:31am

Trying to get a very simple watcher to execute as a "hello world" test to an external REST API and it does not working. Tried a CURL from the underlying elastic linux host and it works perfectly. Note: Destination REST API is using a self-signed cert so with CURL I use the -k option. Don't know if this is a problem for elastic/watcher or not.

My code is as follows (note you'll see I've brute forced the entry for BODY to test, but long term I want the JSON from input section):

{ "trigger": { "schedule": { "interval": "1m" } }, "input": { "simple": { "severity": 0, "owner": "admin", "name": "Hello World", "type": "Unclassified", "createInvestigation": true } }, "condition": { "always": {} }, "actions": { "postincident": { "webhook": { "scheme": "https", "host": "REDACTED_HOSTNAME", "port": 443, "method": "post", "path": "/incident", "params": {}, "headers": { "Authorization": "REDACTED_API_KEY", "content-type": "application/json", "accept": "application/json" }, "body": "{\"name\" : \"Hello World\",\"type\" : \"Unclassified\",\"severity\" : 0,\"owner\" : \"admin\",\"createInvestigation\" : true}" } } } }

dpresbit · April 2, 2019, 1:33am

Here's my results from the simulated watcher:

{ "watch_id": "_inlined_", "node": "3JcGg-ZAQbywRyAnPS9IgA", "state": "executed", "status": { "state": { "active": true, "timestamp": "2019-04-02T01:32:26.396Z" }, "last_checked": "2019-04-02T01:32:26.397Z", "last_met_condition": "2019-04-02T01:32:26.397Z", "actions": { "postincident": { "ack": { "timestamp": "2019-04-02T01:32:26.397Z", "state": "ackable" }, "last_execution": { "timestamp": "2019-04-02T01:32:26.397Z", "successful": true }, "last_successful_execution": { "timestamp": "2019-04-02T01:32:26.397Z", "successful": true } } }, "execution_state": "executed", "version": -1 }, "trigger_event": { "type": "manual", "triggered_time": "2019-04-02T01:32:26.397Z", "manual": { "schedule": { "scheduled_time": "2019-04-02T01:32:26.397Z" } } }, "input": { "simple": { "severity": 0, "owner": "admin", "name": "Hello World", "type": "Unclassified", "createInvestigation": true } }, "condition": { "always": {} }, "metadata": { "name": "test", "xpack": { "type": "json" } }, "result": { "execution_time": "2019-04-02T01:32:26.397Z", "execution_duration": 0, "input": { "type": "simple", "status": "success", "payload": { "severity": 0, "owner": "admin", "name": "Hello World", "type": "Unclassified", "createInvestigation": true } }, "condition": { "type": "always", "status": "success", "met": true }, "actions": [ { "id": "postincident", "type": "webhook", "status": "simulated", "webhook": { "request": { "host": "REDACTED_HOST", "port": 443, "scheme": "https", "method": "post", "path": "/incident", "headers": { "Authorization": "::es_redacted::", "content-type": "application/json", "accept": "application/json" }, "body": "{\"name\" : \"Hello World\",\"type\" : \"Unclassified\",\"severity\" : 0,\"owner\" : \"admin\",\"createInvestigation\" : true}" } } } ] }, "messages": [] }

TimV · April 2, 2019, 5:21am

If your webhook URL uses certificates that are not trusted by the JVM, then you need to configure watcher SSL:

Watcher settings in Elasticsearch | Elasticsearch Guide [6.6] | Elastic

system · April 30, 2019, 5:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Webhook to slack fails to post - Elastic search 1.7 Elasticsearch elastic-stack-alerting	5	3580	July 6, 2017
Watcher webhooks and a 400 error Elasticsearch elastic-stack-alerting	4	2535	July 6, 2017
401 Error when using webhook in Watcher Elasticsearch elastic-stack-alerting	7	2412	March 20, 2017
ElasticSearch Watcher Webhook and SSL trust issue Elasticsearch elastic-stack-security	4	2018	April 14, 2021
Simple Watcher Webhook Kibana	5	1650	November 6, 2019

Can't get webhook to work when CURL does

Related topics