How to use fields in http output plugin?

Elastic Stack Logstash
1

I want to attach syslog5424_msg in message field in HTTP output plugin here is my current implementation, but it's erroring

Failed to execute action

I'm not sure if we can interpolate fields in this plugin, any inputs?

http  {
              http_method => "post"
              url => "https://hooks.slack.com/services/XXXX/XXX/XXXXX"
              format => "message"
              message => '{"channel": "alerts","text":' + %{syslog5424_msg} + '}'
    }

p.s it works when given simple string

2

Try

message => '{"channel": "alerts","text": %{syslog5424_msg} }'
3

its erroring out, I think %{syslog5424_msg} is not interpolating its value and slack rejecting this for invalid characters

logstash_1 | [2020-07-31T17:52:22,149][ERROR][logstash.outputs.http ] [HTTP Output Failure] Encountered non-2xx HTTP code 400 {:response_code=>400, :url=>"https://hooks.slack.com/services/xxxx/xxx/xxxx", :event=>#LogStash::Event:0x2ed9b640}

4

The http output definitely sprintf's the message field, so if the syslog5424_msg field exists it should get interpolated.

5

I can see the syslog5424_msg field in the stdout, so we can rule that possibility out.

6

This worked:

message => '{"channel": "alerts","text": "%{syslog5424_msg}" }'

Thanks for the quick response :slight_smile:

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.