Hi Everyone,
I'm stuck on a simple query.
The thing is that we need to send an alert email to the administrator if more than 3 exceptions come into the process. Exceptions are covered under the TransactionStatus key in the JSON.
With the query below, I'm able to get the exception details, but I'm not aware of how to send this output by email.
GET /_search
{
  "_source": {
    "includes": [
      "timeStamp",
      "logF_BusinessProcessName",
      "logF_TransactionNumber",
      "logF_TransactionField1",
      "logF_TransactionField2",
      "logF_TransactionField3",
      "logF_TransactionField4",
      "logF_TransactionField5",
      "logF_TransactionField6",
      "logF_TransactionField7",
      "message"
    ]
  },
  "query": {
    "bool": {
      "must": [
        { "match": { "logF_TransactionStatus": "ApplicationException" }},
        { "match": { "processName": "XXXXXXXXXX" }}
      ],
      "must_not": [
        { "match": { "level": "Error" }},
        { "match": { "level": "Warn" }}
      ],
      "filter": {
        "range": { "timeStamp": { "gte": "now-1h" }}
      }
    }
  }
}
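
One way to act on the result of the query above, as an added example that is not part of the original post: a Python function that takes the parsed search response, applies the more-than-3 threshold and builds the email. The sample response, the addresses, the choice of fields in the body and the SMTP relay are assumptions; fetching the response from the cluster is left out.

```python
import smtplib
from email.message import EmailMessage

THRESHOLD = 3  # alert only when MORE than 3 exceptions matched in the window
FIELDS = ("timeStamp", "logF_BusinessProcessName", "logF_TransactionNumber", "message")

# Constructed sample response for the query above (not real data).
SAMPLE = {"hits": {"total": {"value": 4, "relation": "eq"}, "hits": [
    {"_source": {"timeStamp": "2024-01-01T10:0%d:00Z" % i,
                 "logF_BusinessProcessName": "Invoicing",
                 "logF_TransactionNumber": "T-100%d" % i,
                 "message": "ApplicationException: constructed sample"}}
    for i in range(1, 5)]}}


def hit_count(response):
    """Total matches; 7.x+ returns an object, older versions a plain integer."""
    total = response["hits"]["total"]
    return total["value"] if isinstance(total, dict) else total


def build_alert(response, sender, recipient, threshold=THRESHOLD):
    """Return an EmailMessage when the count exceeds the threshold, else None."""
    count = hit_count(response)
    if count <= threshold:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Only the integer count goes into the header: log fields are untrusted
    # input and must not reach Subject/To, where CR/LF could inject headers.
    msg["Subject"] = "%d ApplicationException events in the last hour" % count
    rows = [" | ".join(str(hit["_source"].get(f, "")) for f in FIELDS)
            for hit in response["hits"]["hits"]]  # at most "size" hits (default 10)
    msg.set_content("\n".join(rows))
    return msg


def send_alert(msg, host="localhost", port=25):
    """Hand the message to an SMTP relay (host and port are assumptions)."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    alert = build_alert(SAMPLE, "elk@example.com", "admin@example.com")
    print(alert if alert else "below threshold, no mail sent")
```

Run on a schedule that matches the `now-1h` window, the script sends at most one mail per hour.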