eMail Notification via Logstash

baldy2811 · October 9, 2017, 11:05am

Hi there,

i wanted to have email Notifications when some issues appears.
I created such Output:

output {
elasticsearch {
hosts => ["10.10.5.100:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
if "CRITICAL" in [log_type] or "500" in [nginx.access.response_code] or "404" in [nginx.access.response_code] {
email {
from => "logging@localhost"
to => "daniel@linux-nerd.de"
subject => "Logstash found an error"
body => "ERROR: For more details take a look into Kibana. The message from logstash input: %{message}"
}
}
}

Logstash will shift all data to Elasticsearch but did not send any eMails which these rules.

Could someone tell me where my mistake is?

Cheers

Daniel

magnusbaeck · October 9, 2017, 7:06pm

This is an extremely bad idea that could flood your mailbox with thousands or even millions of messages. Look into using e.g. Elastalert or Elastic's own Watcher instead.

That said, the reason things aren't working is probably that you're not referencing nested fields correctly. See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references.

system · November 6, 2017, 7:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Email notification on ERROR in log Elasticsearch	2	2107	July 6, 2017
Logstash conf file for Email Alert Logstash	6	309	January 17, 2023
Send html email using watcher Kibana	3	1429	October 11, 2018
【Please share info】Plugins and OSS for implementing alert functions in kibana (elasticsearch) version 7 series Kibana elastic-stack-alerting	1	237	May 1, 2023
Automating Email Whitelisting for Alerts (elasticsearch, kibana) Kibana elastic-stack-alerting	11	1253	September 30, 2022

eMail Notification via Logstash

Related Topics