eMail Notification via Logstash

baldy2811 · October 9, 2017, 11:05am

Hi there,

i wanted to have email Notifications when some issues appears.
I created such Output:

output {
elasticsearch {
hosts => ["10.10.5.100:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
if "CRITICAL" in [log_type] or "500" in [nginx.access.response_code] or "404" in [nginx.access.response_code] {
email {
from => "logging@localhost"
to => "daniel@linux-nerd.de"
subject => "Logstash found an error"
body => "ERROR: For more details take a look into Kibana. The message from logstash input: %{message}"
}
}
}

Logstash will shift all data to Elasticsearch but did not send any eMails which these rules.

Could someone tell me where my mistake is?

Cheers

Daniel

magnusbaeck · October 9, 2017, 7:06pm

This is an extremely bad idea that could flood your mailbox with thousands or even millions of messages. Look into using e.g. Elastalert or Elastic's own Watcher instead.

That said, the reason things aren't working is probably that you're not referencing nested fields correctly. See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references.

system · November 6, 2017, 7:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Email notification with source details Elasticsearch elastic-stack-alerting	4	628	May 30, 2018
Logstash email alerts dynamically from multiple log files Logstash	10	4464	July 6, 2017
Logstash Email Output Logstash	3	416	August 27, 2019
Email notification on ERROR in log Elasticsearch	2	2109	July 6, 2017
Email plugin not working Logstash	4	656	August 11, 2017

eMail Notification via Logstash

Related topics