Conditional check on json response

Hello Elastic World,

I have got logs from our web application shipping into Logstash then onto Elasticsearch. It's all working very well, however I would like to filter some entries in our logs to trigger an alert in Zabbix using the Zabbix output plugin. I have got this working for other logs based on this output configuration in logstash:

output {
    if [level] == 'ERROR' {
		zabbix {
			zabbix_host => "[@metadata][z_host]"
			zabbix_key => "[@metadata][z_key]"
			zabbix_server_host => "svr-zab-01"
		}
		
	}

However I am having troubles getting the conditonal to trigger on the output from a JSON filter.

This is the raw JSON data in the log file:

{"data":null,"success":false,"errorMessage":"Unable to find suburb with postcode 2929","displayError":"Error processing request","statusCode":400,"traceId":"4e1d1e7f-3b8f-40cc-ab52-df0755852d97"}

This is my JSON filter in logstash:

json {
			source => "RAW_Response"
			target => "Response"
		}

Then I can see the json parsed data in kibana:

What I want to do is if the success field is false, output to Zabbix where I will then set up a trigger to send an alert. I have tried with this conditional, however it never fires:

output {
	if [Response][success] == 'false' {
		zabbix {
			zabbix_host => "[@metadata][z_host]"
			zabbix_key => "[@metadata][z_key]"
			zabbix_server_host => "svr-zab-01"
		}
		
	}

Can someone see what I am doing wrong with this conditional?

Cheers,

Tim

The success value is a boolean value and not a string. Try this instead:

if ! [Response][success] {
1 Like

Hi,

That is the format I was looking for.

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.