How to send all the alerts in one mail using logstash

Vamsi_Vutukuri · August 1, 2019, 12:12pm

HI ,

I will get around 100 alerts in a day and all those come in different emails .
So , is there any way i can get all the alerts only in one mail on a particular time everyday using logstash.

Please help me solve it.

This is how far i came :

logstash.conf

input {
file {
path => "/home/Desktop/a.log"
start_position => "beginning"
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }

if "Error" in [message] {
email {
from => "#######@gmail.com"
subject => "Ignore (test run)"
body => "log-message: %{message} \nLog file: %{path}"
to => "#######@gmail.com"
codec => "plain"
contenttype => "text/plain; charset=UTF-8"
address => "smtp.gmail.com"
port => "587"
authentication => "plain"
username => "##########@gmail.com"
password => "############"
use_tls => true
debug => true
}
}
}

andres-perez · July 8, 2019, 8:18am

Logstash by itself doesn't seem the best tool for this use case: it is usually meant for stateless processing.

With X-pack alerting feature, you could:

Set up an elasticsearch query (e.g. how many errors in the last 24 hours or any other aggregation or list)
Schedule a trigger for that search, for example a given time everyday or a complete cron-like configuration.
Send a mail with the results and customize its contents with a template.

Vamsi_Vutukuri · August 1, 2019, 12:22pm

Thanks @andres-perez for the reply.
But x-pack alerting isn't free in ELK.

is there any other alternative or is there any way i can configure via logstash configuration.