I want to attach syslog5424_msg in message field in HTTP output plugin here is my current implementation, but it's erroring
Failed to execute action
I'm not sure if we can interpolate fields in this plugin, any inputs?
http {
http_method => "post"
url => "https://hooks.slack.com/services/XXXX/XXX/XXXXX"
format => "message"
message => '{"channel": "alerts","text":' + %{syslog5424_msg} + '}'
}
p.s it works when given simple string
Try
message => '{"channel": "alerts","text": %{syslog5424_msg} }'
its erroring out, I think %{syslog5424_msg} is not interpolating its value and slack rejecting this for invalid characters
logstash_1 | [2020-07-31T17:52:22,149][ERROR][logstash.outputs.http ] [HTTP Output Failure] Encountered non-2xx HTTP code 400 {:response_code=>400, :url=>"https://hooks.slack.com/services/xxxx/xxx/xxxx", :event=>#LogStash::Event:0x2ed9b640}
The http output definitely sprintf's the message field, so if the syslog5424_msg field exists it should get interpolated.
I can see the syslog5424_msg field in the stdout, so we can rule that possibility out.
This worked:
message => '{"channel": "alerts","text": "%{syslog5424_msg}" }'
Thanks for the quick response 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.