Hello Elastic World,
I have got logs from our web application shipping into Logstash then onto Elasticsearch. It's all working very well, however I would like to filter some entries in our logs to trigger an alert in Zabbix using the Zabbix output plugin. I have got this working for other logs based on this output configuration in Logstash:

    output {
      if [level] == 'ERROR' {
        zabbix {
          zabbix_host => "[@metadata][z_host]"
          zabbix_key => "[@metadata][z_key]"
          zabbix_server_host => "svr-zab-01"
        }
      }
    }

However I am having trouble getting the conditional to trigger on the output from a JSON filter.
This is the raw JSON data in the log file:
{"data":null,"success":false,"errorMessage":"Unable to find suburb with postcode 2929","displayError":"Error processing request","statusCode":400,"traceId":"4e1d1e7f-3b8f-40cc-ab52-df0755852d97"}
This is my JSON filter in Logstash:

    json {
      source => "RAW_Response"
      target => "Response"
    }

Then I can see the JSON parsed data in Kibana:
What I want to do is if the success field is false, output to Zabbix where I will then set up a trigger to send an alert. I have tried with this conditional, however it never fires:

    output {
      if [Response][success] == 'false' {
        zabbix {
          zabbix_host => "[@metadata][z_host]"
          zabbix_key => "[@metadata][z_key]"
          zabbix_server_host => "svr-zab-01"
        }
      }
    }

Can someone see what I am doing wrong with this conditional?
Cheers,
Tim