I want to set up sending notifications about errors

Hello. I want to set up sending notifications about errors (errors in the operation of Apache, MySQL, Nginx, as well as if the server is not available) from Logstash to e-mail. I wrote this in ./logstash/pipeline/logstash.conf:

input {
        beats {
                port => 5044
        }

        tcp {
                port => 5000
        }
}

## Add your filters / logstash plugins configuration here


output {
        elasticsearch {
                hosts => "https://elasticsearch:9200"
                ssl => true
                ssl_certificate_verification => false
                cacert => "/usr/share/logstash/config/ca.crt"
                user => "elastic"
                password => "passwd"
                ecs_compatibility => disabled
        }

        email {
                to => "user@domain.ru"
                from => "user@domain.ru"
                username => "user@domain.ru"
                password => "passwd"
                authentication => "plain"
                subject => "Alert - %{@hostname}"
                body => "Tags: %{@timestamp}\\n\\Content:\\n%{@message}"
                address => "mail.domain.ru"
                port => "587"
                use_tls => "true"
                via => "smtp"
        }

}

With this, messages with the specified text are sent, but how can I achieve the result I want? Thanks in advance for your reply.

Hi Sasha,

Is this maybe what you are looking for? Alerting is handled via Kibana alerting rules.

Kind Regards,
Marcus

I am using a basic license. Can this become an obstacle to using this type of alert?

You can parse the messages and tag them if they indicate an error. Then use a conditional in the output section to send them using email only if they are tagged.

1 Like
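
The tag-then-conditional approach from the reply above, as an added example that is not part of the original thread. It assumes the raw log line is in `[message]` and that Beats sets `[host][name]`; the tag name `notify_email` and the variable names `ES_PASSWORD` and `SMTP_PASSWORD` are hypothetical.

```logstash
filter {
  # Assumption: the raw log line is in [message].
  # Matches the severity markers of the three error-log formats:
  #   Apache 2.4  [core:error]   nginx  [error]   MySQL  [ERROR]
  if [message] =~ /\[([a-z0-9_]+:)?(error|crit|alert|emerg)\]|\[ERROR\]/ {
    mutate { add_tag => ["notify_email"] }  # hypothetical tag name
  }
}

output {
  # Every event is still indexed, tagged or not.
  elasticsearch {
    hosts => "https://elasticsearch:9200"
    ssl => true
    # Verification on, so the server certificate is checked against the CA file below.
    ssl_certificate_verification => true
    cacert => "/usr/share/logstash/config/ca.crt"
    user => "elastic"
    # Assumed variable name, resolved from the environment or the Logstash keystore.
    password => "${ES_PASSWORD}"
    ecs_compatibility => disabled
  }

  # Only tagged events are mailed.
  if "notify_email" in [tags] {
    email {
      to => "user@domain.ru"
      from => "user@domain.ru"
      username => "user@domain.ru"
      password => "${SMTP_PASSWORD}"  # assumed variable name
      authentication => "plain"
      subject => "Alert - %{[host][name]}"  # assumes Beats sets [host][name]
      body => "Time: %{@timestamp} Content: %{message}"
      address => "mail.domain.ru"
      port => 587
      use_tls => true
      via => "smtp"
    }
  }
}
```

This covers error lines that reach Logstash; it does not detect a server that has stopped sending events.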

Thank you very much for your help. I configured the sending of notifications. But only these messages appeared:
Unable to load connector types Request has been forbidden by antivirus
and Kibana began to write an error in some dashboards.
Could it be related to the fact that I put just a 35-character string in xpack.encryptedSavedObjects.encryptionKey?

I configured sending metrics (configured from Kibana). And how can I force the system to send messages with the text of the error (for example, if an Apache error gets to ELK, then send this text by e-mail)? I went through all the documentation and just can't find what I need. I missed something. Do I understand correctly that it is necessary to update the message field value in the alert? But how?

With the basic license you can't send alerts using e-mail. The only alerts available with the basic license are index and logging: the index one can write the alert into a new index, and the logging one will just write the alert in the Kibana logs.

If you want to send the alerts through e-mail you will need to write a tool to do that based on the available alerts or find a third-party tool that does that.

Thanks for the answer. Another question arose. Is it possible to manually start sending from logstash-output-email? Is it possible to somehow adjust the frequency of sending messages from logstash-output-email? Is it possible to configure sending messages from logstash-output-email on a specific event? Thanks in advance for your reply.

If you believe the forum thread, then sending notifications in the base license is possible. Or has something changed? https://discuss.elastic.co/t/alerts-in-elk/236763/2