Email plugin not working

Elastic Stack Logstash
1

I tried this without success.

 output 
   {
          elasticsearch 
    	    {
                hosts => ["localhost:9200"]
                index => "logstash-%{+YYYY.MM.dd}"
            }

       file 
		{
           path => "/var/log/logstash/output_line.log"
           codec => "line"
        }

       stdout 
		{
            codec => rubydebug
        }

    if "alert" in [tags] 
	{
       email 
	    {
         to => 'to.user@domain.com'
         from => 'no-reply@domain.com'
         subject => 'Alert - %{title} %{LOGLEVEL} %{IP} %{TIMESTAMP_ISO8601}'
         body => "Tags: %{tags}\\n\\Content:\\n%{message}"
         domain => 'smtp.domain.com'
         port => 25
        }
    }
}
2

Hi,

What do you mean by not working? What do you see in the logs?

3

Below is my latest output setting. For both Slack as well as email, the messages get delivered but the subject/body is not parsed with actual error messages or %{variables}

Vesrsion of logstash 2.2.4

 slack {
    url => "https://hooks.slack.com/services/G53JLWEF65/B534583M/BoJ03273hdbsdfyt38tUE0bfqKK3"
    format => "%{message}"
  }
       email
            {
         to => 'to.user@domain.com'
         from => 'no-reply@domain.com'
         subject => 'Alert - %{title} %{LOGLEVEL} %{IP} %{TIMESTAMP_ISO8601}'
         body => "%{message}"
         domain => 'smtp.domain.com'
         port => 25
        }

For example in Slack the message is just %{message}
On Email Subject is Alert - %{title} %{LOGLEVEL} %{IP} %{TIMESTAMP_ISO8601} and body is %{message} on every message

4

This fixed it:

body => "%{log-level} at %{@timestamp} on %{type} \n Message: %{information}"

I guess, it's happening because my GROK filter named %{LOGLEVEL:log-leve} and %{GREEDYDATA:information} and so on.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.