Email alert for exception

Hi,

I am running the Elastic Stack on Red Hat Enterprise Linux release 8.8 (Ootpa) and the versions are as below.

# rpm -qa | grep logstash
logstash-8.11.0-1.x86_64
# rpm -qa | grep elasticsearch
elasticsearch-8.11.0-1.x86_64
# rpm -qa | grep kibana
kibana-8.11.0-1.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)
#

Is there a way to configure email alerts if there are any exceptions or errors found on any application logs which are indexed and stored in Elasticsearch?

Please guide. I am running an open source community edition. Thanks in advance.

Best Regards,

Kaushal

Hi,

Checking in again, if someone can pitch in for my earlier post to this forum? Please guide me.

Thanks in advance.

Best Regards,

Kaushal

Hi @kaushalshriyan

Any Exception on Any Log....

That is a pretty broad request... I think you should start with the documentation and how to...

What kind of Logs? What constitutes an Exception? etc...etc...

Come back with some specific questions and perhaps we can help

@stephenb Thanks for the detailed response. I have a specific use case, for example I have the below specific string as exception in /opt/tomcat9/logs/paymentapi.log

"No valid account"

So whenever there are any occurrences of the above string in Elasticsearch, the ELK stack should trigger an email alert.

Is there a free and OSS version of Elastic Observability to install it on Red Hat Enterprise Linux release 8.8 (Ootpa)?

Please guide me.

Thanks in advance.

Best Regards,

Kaushal

Hi @kaushalshriyan

I cannot provide all the steps; you are going to need to read some of the documents, how-tos, etc...

1st do you have the logs ingested into Elasticsearch already?

How did you ingest them?

Can you show sample JSON for a couple of the log documents that are already in Elasticsearch?

There is a lot of alerting functionality in the Basic / Free version ... BUT email alerting requires a commercial license...

With the Basic license, which is Free, you can create Alerts and write the alerts to an index... some people use another tool like Logstash to read that index and send emails (that is a little more complicated)

First I would try to create an alert... we can worry about the emails later...

Thanks Stephen for the detailed explanation. I will go through the documentation. Much appreciated as always. Keep up the good work. :clap: :clap: :clap:
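An added example, not code from any poster in this thread or from Elastic: a small external poller in the spirit of the "another tool reads the index and sends the email" approach mentioned above, here querying the log index directly for the phrase. The index pattern, the `message` and `@timestamp` field names, the addresses, the `ES_API_KEY` variable and the local SMTP relay are all assumptions, and the host is assumed to trust the cluster's CA.

```python
import json
import os
import smtplib
import urllib.request
from email.message import EmailMessage

# Assumed, not from the thread: index pattern, field names, addresses, SMTP relay.
ES_URL = "https://localhost:9200/tomcat-logs-*/_search"
PHRASE = "No valid account"

def build_query(phrase, window="now-5m"):
    """Exact-phrase match on `message`, limited to the polling window."""
    return {"size": 20, "sort": [{"@timestamp": "desc"}],
            "query": {"bool": {"filter": [
                {"match_phrase": {"message": phrase}},
                {"range": {"@timestamp": {"gte": window}}}]}}}

def one_line(text, limit=300):
    """Log text is untrusted input: blank out CR/LF and control chars, cap length."""
    return "".join(c if c.isprintable() else " " for c in str(text))[:limit]

def build_email(response, phrase, sender, rcpt):
    """Return an EmailMessage for the hits in a _search response, or None."""
    hits = response.get("hits", {}).get("hits", [])
    if not hits:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = one_line(f"[ALERT] {len(hits)} log line(s) matching '{phrase}'", 120)
    msg.set_content("\n".join(
        f"{one_line(h['_source'].get('@timestamp', '?'))} "
        f"{one_line(h['_source'].get('message', ''))}" for h in hits))
    return msg

def poll_once(sender="elk@example.com", rcpt="oncall@example.com"):
    """Run from cron or a systemd timer at the same interval as `window`."""
    req = urllib.request.Request(
        ES_URL, data=json.dumps(build_query(PHRASE)).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "ApiKey " + os.environ["ES_API_KEY"]})
    with urllib.request.urlopen(req, timeout=10) as resp:
        msg = build_email(json.load(resp), PHRASE, sender, rcpt)
    if msg:
        with smtplib.SMTP("localhost", 25) as smtp:
            smtp.send_message(msg)

if __name__ == "__main__":
    # Constructed sample response so the formatting can be checked offline.
    sample = {"hits": {"hits": [{"_source": {
        "@timestamp": "2023-11-20T10:00:00Z", "message": "ERROR No valid account"}}]}}
    print(build_email(sample, PHRASE, "elk@example.com", "oncall@example.com"))
```

Give the API key read-only access to the log indices only, since it sits in the environment of a scheduled job.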
