# Inputs: two tailed log files plus JMX polling. The "type" assigned to each
# input is what the conditionals in the filter section branch on.
input {
  # Main server log, handled by the [type] == "log" filter branch.
  file {
    path => "z:\Server.log"
    type => "log"
    # "beginning" only applies to a file Logstash has not read before; after
    # that the position recorded in the sincedb is used.
    start_position => "beginning"
  }

  # Second log file, handled by the [type] == "messagepublisher" filter branch.
  file {
    path => "z:\Server1.log"
    type => "messagepublisher"
    start_position => "beginning"
  }

  # JMX metrics. "path" is the directory holding the per-JVM query definitions.
  # NOTE(review): those definition files can carry JMX usernames/passwords, so
  # keep the directory readable only by the Logstash service account.
  jmx {
    type => "jmx"
    path => "C:\logstash\logstash-5.3.0\config\jmx"
    polling_frequency => 20
    nb_thread => 4
  }
}
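# Parsing: one branch per input type. Each branch extracts fields with grok,
# sets @timestamp from the parsed log time, and drops fields that are not
# wanted in the index.
filter {
  if [type] == "log" {
    # Keep only lines that contain "2017" or "Exception"; everything else is
    # discarded. NOTE(review): "2017" presumably selects timestamped lines of
    # that year - lines from any other year are dropped unless they mention
    # "Exception". Confirm this is intended.
    if [message] !~ "2017" and [message] !~ "Exception" {
      drop { }
    }

    grok {
      # Patterns are tried in order and the first match wins:
      #   1. regular log line
      #   2. fallback for exception lines that carry no timestamp/level prefix
      match => {
        "message" => [
          "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel} \[%{DATA:class}\]\[%{DATA:method}\] \[%{DATA:UserId}\] %{GREEDYDATA:msgbody}",
          "%{DATA:class} %{GREEDYDATA:msgbody}"
        ]
      }
    }

    # grok stores the log time in "timestamp"; the original date filter read a
    # "logdate" field that nothing creates, so @timestamp stayed at ingestion
    # time. Reading "timestamp" makes @timestamp reflect when the event was
    # logged, which is what searches and incident timelines rely on. Events
    # parsed by the fallback pattern have no "timestamp" and are left as-is.
    date {
      match => ["timestamp", "yyyy-MM-dd HH:mm:ss,SSS", "ISO8601"]
    }

    mutate {
      remove_field => ["@version"]
    }
  }

  if [type] == "messagepublisher" {
    grok {
      # Tab-separated publisher lines, tried in order:
      #   1. line with a {destination} block
      #   2. line without the {destination} block
      match => {
        "message" => [
          "%{TIMESTAMP_ISO8601:timestamp}\t%{LOGLEVEL:loglevel}\t%{DATA:thread}\t%{DATA:junk1}\t%{DATA:user}\t%{DATA:class3}\t%{DATA:junk2} \{%{DATA:destination}\} \{OBJECT_TYPE=%{DATA:object_type}\} \{OBJECT_CHANGE_TYPE=%{GREEDYDATA:object_change_type}\} \{OBJECT_ID=%{DATA:object_id}\}",
          "%{TIMESTAMP_ISO8601:timestamp}\t%{LOGLEVEL:loglevel}\t%{DATA:thread}\t%{DATA:junk1}\t%{DATA:user}\t%{DATA:class3}\t%{DATA:junk2} \{OBJECT_TYPE=%{DATA:object_type}\} \{OBJECT_CHANGE_TYPE=%{GREEDYDATA:object_change_type}\} \{OBJECT_ID=%{DATA:object_id}\}"
        ]
      }
    }

    # Same fix as in the "log" branch: parse the field grok actually produces.
    date {
      match => ["timestamp", "yyyy-MM-dd HH:mm:ss,SSS", "ISO8601"]
    }

    # Discard the placeholder captures and other fields not wanted downstream.
    mutate {
      remove_field => ["@version","junk1","class3","destination","junk2"]
    }
  }
}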
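# Outputs: index every event, mail the ones mentioning "Exception", and echo
# everything to the console.
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    # NOTE(security): elastic/changeme is the stock built-in superuser login.
    # Change that password and give Logstash a dedicated account limited to
    # writing its own indices. Keep the secret out of this file by using
    # environment-variable substitution, e.g. password => "${ES_PASSWORD}".
    user => elastic
    password => changeme
  }

  if ("Exception" in [message]) {
    email {
      from => "logstash.alert@myc.com"
      to => "me@myc.com"
      subject => "Exception has occured"
      via => "smtp"
      address => "myserver"
      # The raw event line is stored in the field "message". "@message" was the
      # name in the old pre-1.2 event schema and does not exist on these
      # events, so %{@message} was sent as literal text.
      body => "Here is the event line that occured: %{message}"
      # NOTE(security): the log line is inserted into the HTML part unescaped.
      # Log content is not trusted input (it can contain user-supplied values),
      # so any markup in it will be rendered by the recipient's mail client.
      # Prefer the plain-text body, or HTML-escape the value in the filter
      # stage into a separate field and reference that field here.
      htmlbody => "<br/><br/><h3>Full Event : </h3><br/><br/><div align='center'>%{message}</div>"
    }
  }

  # Debug output: prints every event, with all fields, to the Logstash console.
  stdout { codec => rubydebug }
}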
Everything is working as expected, except that the variable %{@message} is not being populated: the email I receive contains the literal text %{@message} instead of the actual message.
Any pointers, please?
Regards,
Harneet