Hello. I want to set up sending notifications about errors (errors in the operation of Apache, MySQL, Nginx, as well as if the server is not available) from Logstash to e-mail. I wrote this in ./logstash/pipeline/logstash.conf:
```conf
input {
  beats {
    port => 5044
  }
  tcp {
    port => 5000
  }
}
## Add your filters / logstash plugins configuration here
output {
  elasticsearch {
    hosts => "https://elasticsearch:9200"
    ssl => true
    ssl_certificate_verification => false
    cacert => "/usr/share/logstash/config/ca.crt"
    user => "elastic"
    password => "passwd"
    ecs_compatibility => disabled
  }
  email {
    to => "user@domain.ru"
    from => "user@domain.ru"
    username => "user@domain.ru"
    password => "passwd"
    authentication => "plain"
    subject => "Alert - %{@hostname}"
    body => "Tags: %{@timestamp}\n\nContent:\n%{@message}"
    address => "mail.domain.ru"
    port => "587"
    use_tls => "true"
    via => "smtp"
  }
}
```
This works in the sense that messages with the specified text are sent, but how do I achieve the result I actually want? Thanks in advance for your reply.
You can parse the messages and tag them if they indicate an error. Then use a conditional in the output section to send them using email only if they are tagged.
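One way to implement the tagging and conditional output described above, as an added example that is not part of the original thread. It assumes Filebeat ships the Apache, MySQL and nginx error logs over the beats input and sets `host.name`; the bundled throttle filter is added so a burst of errors does not become a burst of mails, and the mail settings reuse the placeholders from the question.

```conf
input {
  beats { port => 5044 }
}
filter {
  # Extract the severity from the three formats; grok tries the patterns in
  # order and tags _grokparsefailure on lines that match none of them.
  grok {
    match => {
      "message" => [
        # Apache: [Tue Mar 07 10:11:12.123456 2023] [core:error] [pid 42] ...
        "^\[%{DATA:log_time}\] \[(?:%{WORD:module}:)?%{LOGLEVEL:loglevel}\] %{GREEDYDATA:detail}",
        # MySQL:  2023-03-07T10:11:12.123456Z 0 [ERROR] [MY-010000] ...
        "^%{TIMESTAMP_ISO8601:log_time} %{NUMBER:thread} \[%{LOGLEVEL:loglevel}\] %{GREEDYDATA:detail}",
        # nginx:  2023/03/07 10:11:12 [error] 42#0: ...
        "^%{DATA:log_time} \[%{LOGLEVEL:loglevel}\] %{GREEDYDATA:detail}"
      ]
    }
  }
  # Tag only genuine failures so notice/warn lines never reach the mailbox.
  if [loglevel] =~ /^(?i)(error|crit|alert|emerg|fatal)$/ {
    mutate { add_tag => ["error"] }
  }
  # Rate limit (assumed policy): the first error per host in a 5-minute
  # window is mailed; later ones in the window are also tagged "throttled".
  if "error" in [tags] {
    throttle {
      key          => "%{[host][name]}"
      before_count => -1
      after_count  => 1
      period       => 300
      add_tag      => ["throttled"]
    }
  }
}
output {
  # keep the elasticsearch { ... } block from the question here
  if "error" in [tags] and "throttled" not in [tags] {
    email {
      address  => "mail.domain.ru"
      port     => 587
      use_tls  => true
      via      => "smtp"
      username => "user@domain.ru"
      password => "passwd"
      from     => "user@domain.ru"
      to       => "user@domain.ru"
      subject  => "Alert [%{loglevel}] on %{[host][name]}"
      # "\n" escapes need config.support_escapes: true in logstash.yml
      body     => "Time: %{log_time}\nHost: %{[host][name]}\n\n%{message}"
    }
  }
}
```

Server unavailability is a different signal: the absence of events is not an event Logstash can match, so that case is better covered by a heartbeat or uptime check feeding its own alert.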
Thank you very much for your help. I configured the sending of notifications, but only these messages appeared: "Unable to load connector types" and "Request has been forbidden by antivirus",
and Kibana began to show an error in some dashboards.
Could it be related to what I put in xpack.encryptedSavedObjects.encryptionKey: just a 35-character string?
I configured sending metrics (set up from Kibana). And how do I force the system to send messages with the text of the error (for example, if an Apache error reaches ELK, send that text to e-mail)? I went through all the documentation and just can't find what I need. I must have missed something. Do I understand correctly that it is necessary to update the message field value in the alert? But how?
With the basic license you can't send alerts using e-mail. The only alerts available with the basic license are index and logging: the index one can write the alert into a new index, and the logging one will just write the alert to the Kibana logs.
If you want to send the alerts through e-mail you will need to write a tool to do that based on the available alerts or find a third-party tool that does that.
Thanks for the answer. Another question arose. Is it possible to manually start sending from logstash-output-email? Is it possible to somehow adjust the frequency of sending messages from logstash-output-email? Is it possible to configure logstash-output-email to send messages on a specific event? Thanks in advance for your reply.
If you believe the forum thread, then sending notifications in the base license is possible. Or has something changed? https://discuss.elastic.co/t/alerts-in-elk/236763/2