You can configure Watcher to send email from any SMTP email service. Email messages can contain basic HTML tags. You can control which tags are allowed by Configuring HTML Sanitization Options.
You configure the accounts Watcher can use to send email in your
elasticsearch.yml configuration file.
Each account configuration has a unique name and specifies all of the SMTP information needed
to send email from that account. You can also specify defaults for all emails that are sent through
the account. For example, you can set defaults for the
bcc fields to ensure that all
emails are sent from the same address and always blind copied to the same address.
If your email account is configured to require two step verification, you need to generate and use a unique App Password to send email from Watcher. Authentication will fail if you use your primary password.
If you configure multiple email accounts, you specify which account the email should be sent
with in the email action. If there is only one account configured, you
do not have to specify the
account attribute in the action definition. However, if you configure
multiple accounts and omit the
account attribute, there is no guarantee which account will be
used to send the email.
To add an email account, set the
watcher.actions.email.service.account property in
elasticsearch.yml. See Email Account Attributes for the
Currently, neither Watcher nor Shield provide a mechanism to encrypt settings
elasticsearch.yml. Because the email account credentials appear in plain text,
you should limit access to
elasticsearch.yml to the user that you use to run Elasticsearch.
For example, the following snippet configures a single Gmail account named
watcher.actions.email.service.account: work: profile: gmail email_defaults: from: 'John Doe <email@example.com>' bcc: firstname.lastname@example.org smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
The email profile defines a strategy for building a MIME message. As with almost every standard
out there, different email systems interpret the MIME standard differently and have slightly
different ways of structuring MIME messages. Watcher provides three email profiles:
If you are using Gmail or Outlook, we recommend using the corresponding profile. Use the
profile if you are using some other email system. For more information about configuring Watcher
to work with different email systems, see:
Table 1. Email Account Attributes
The profile to use to
build the MIME messages that are sent from
the account. Valid values:
An optional set of email attributes to use as defaults for the emails sent from the account. See Email Action Attributes for the supported attributes. for the possible email attributes)
The SMTP server to connect to.
The SMTP server port to connect to.
The user name for SMTP.
The password for the specified SMTP user.
SMTP attributes that enable fine control
over the SMTP protocol when sending messages.
for the full list of SMTP properties you can
set. Note that all timeouts (
Use the following email account settings to send email from the Gmail SMTP service:
watcher.actions.email.service.account: gmail_account: profile: gmail smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
If you get an authentication error that indicates that you need to continue the sign-in process from a web browser when Watcher attempts to send email, you need to configure Gmail to Allow Less Secure Apps to access your account.
If two-step verification is enabled for your account, you must generate and use a unique App Password to send email from Watcher.See Sign in using App Passwords for more information.
Use the following email account settings to send email action from the Outlook.com SMTP service:
watcher.actions.email.service.account: outlook_account: profile: outlook smtp: auth: true starttls.enable: true host: smtp-mail.outlook.com port: 587 user: <username> password: <password>
You need to use a unique App Password if two-step verification is enabled. See App passwords and two-step verification for more information.
Use the following email account settings to send email from the Amazon Simple Email Service (SES) SMTP service:
Use the following email account settings to send email action from Microsoft Exchange:
You can control which HTML features are allowed or disallowed by configuring the
watcher.actions.email.html.sanitization.disallow settings in
elasticsearch.yml. You can specify
individual HTML elements and the feature groups described in the following table. By default,
Watcher allows the following features:
All table related elements:
The following block elements:
The following inline formatting elements:
All images (external and embedded).
Only embedded images. Embedded images can only use the
For example, the following settings allow the HTML to contain tables and block elements, but
watcher.actions.email.html.sanitization: allow: _tables, _blocks disallow: h4, h5, h6
To disable sanitization entirely, add the following setting to