eMail Notification via Logstash

baldy2811 · October 9, 2017, 11:05am

Hi there,

i wanted to have email Notifications when some issues appears.
I created such Output:

output {
elasticsearch {
hosts => ["10.10.5.100:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
if "CRITICAL" in [log_type] or "500" in [nginx.access.response_code] or "404" in [nginx.access.response_code] {
email {
from => "logging@localhost"
to => "daniel@linux-nerd.de"
subject => "Logstash found an error"
body => "ERROR: For more details take a look into Kibana. The message from logstash input: %{message}"
}
}
}

Logstash will shift all data to Elasticsearch but did not send any eMails which these rules.

Could someone tell me where my mistake is?

Cheers

Daniel

magnusbaeck · October 9, 2017, 7:06pm

This is an extremely bad idea that could flood your mailbox with thousands or even millions of messages. Look into using e.g. Elastalert or Elastic's own Watcher instead.

That said, the reason things aren't working is probably that you're not referencing nested fields correctly. See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references.

system · November 6, 2017, 7:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.