- X-Pack Reference for 6.0-6.2 and 5.x:
- Introduction
- Setting Up X-Pack
- Breaking Changes
- X-Pack APIs
- Graphing Connections in Your Data
- Profiling your Queries and Aggregations
- Reporting from Kibana
- Securing the Elastic Stack
- Getting Started with Security
- How Security Works
- Setting Up User Authentication
- Configuring SAML Single-Sign-On on the Elastic Stack
- Configuring Role-based Access Control
- Auditing Security Events
- Encrypting Communications
- Restricting Connections with IP Filtering
- Cross Cluster Search, Tribe, Clients and Integrations
- Reference
- Monitoring the Elastic Stack
- Alerting on Cluster and Index Events
- Machine Learning in the Elastic Stack
- Troubleshooting
- Getting Help
- X-Pack security
- Can’t log in after upgrading to 6.2.4
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- X-Pack Watcher
- X-Pack monitoring
- X-Pack machine learning
- Limitations
- License Management
- Release Notes
WARNING: Version 6.2 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Webhook Action
editWebhook Action
editUse the webhook
action to send a request to any web service. The
webhook action supports both HTTP and HTTPS connections. See
Webhook Action Attributes for the supported
attributes.
Configuring Webhook Actions
editYou configure webhook actions in the actions
array. Action-specific attributes
are specified using the webhook
keyword.
The following snippet shows a simple webhook action definition:
"actions" : { "my_webhook" : { "transform" : { ... }, "throttle_period" : "5m", "webhook" : { "method" : "POST", "host" : "mylisteningserver", "port" : 9200, "path": ":/{{ctx.watch_id}", "body" : "{{ctx.watch_id}}:{{ctx.payload.hits.total}}" } } }
The id of the action |
|
An optional transform to transform the payload before
executing the |
|
An optional throttle period for the action (5 minutes in this example) |
|
The HTTP method to use when connecting to the host |
|
The host to connect to |
|
The port to connect to |
|
The path (URI) to use in the HTTP request |
|
The body to send with the request |
You can use basic authentication when sending a request to a secured webservice.
For example, the following webhook
action creates a new issue in GitHub:
"actions" : { "create_github_issue" : { "transform": { "script": "return ['title':'Found errors in \\'contact.html\\'', 'body' : 'Found ' + ctx.payload.hits.total + ' errors in the last 5 minutes', 'assignee' : 'web-admin', 'labels' : ['bug','sev2']]" }, "webhook" : { "method" : "POST", "url" : "https://api.github.com/repos/<owner>/<repo>/issues", "body": "{{#toJson}}ctx.payload{{/toJson}}", "auth" : { "basic" : { "username" : "<username>", "password" : "<password>" } } } } }
By default, both the username and the password are stored in the .watches
index in plain text. When X-Pack security is enabled, Watcher can encrypt the
password before storing it.
You can also use PKI-based authentication when submitting requests to a cluster
secured with X-Pack security. When you use PKI-based authentication instead of HTTP
basic auth, you don’t need to store any authentication information in the watch
itself. To use PKI-based authentication, you https://www.elastic.co/guide/en/elasticsearch/reference/6.2/notification-settings.html#ssl-notification-settings
[configure the SSL key settings] for Watcher in elasticsearch.yml
.
Query Parameters
editYou can specify query parameters to send with the request with the params
field.
This field simply holds an object where the keys serve as the parameter names and
the values serve as the parameter values:
Custom Request Headers
editYou can specify request headers to send with the request with the headers
field.
This field simply holds an object where the keys serve as the header names and
the values serve as the header values:
Webhook Action Attributes
editName | Required | Default | Description |
---|---|---|---|
|
no |
http |
The connection scheme. Valid values are: |
|
yes |
- |
The host to connect to. |
|
yes |
- |
The port the HTTP service is listening on. |
|
no |
- |
The URL path. The path can be static text or include Mustache
templates. URL query string parameters must be
specified via the |
|
no |
get |
The HTTP method. Valid values are: |
|
no |
- |
The HTTP request headers. The header values can be static text or include Mustache templates. |
|
no |
- |
The URL query string parameters. The parameter values can be static text or include Mustache templates. |
|
no |
- |
Authentication related HTTP headers. Currently, only basic authentication is supported. |
|
no |
- |
The HTTP request body. The body can be static text or include Mustache templates. When not specified, an empty body is sent. |
|
no |
- |
The proxy host to use when connecting to the host. |
|
no |
- |
The proxy port to use when connecting to the host. |
|
no |
10s |
The timeout for setting up the http connection. If the connection could not be set up within this time, the action will timeout and fail. |
|
no |
10s |
The timeout for reading data from http connection. If no response was received within this time, the action will timeout and fail. |
|
no |
- |
A shortcut for specifying the request scheme, host, port, and
path as a single string. For example, |
On this page