Is it possible to use payload as input to an exec output command?

esguy · November 19, 2020, 9:26pm

Hello,

I have a watcher set up with multiple email actions where each email action has a conditional checking whats in the user field of the payload. For example, if user = 'userGroupA', then it will execute the action that sends email to Group A.

What I would like however, is instead of having a hardcoded list of whether user field = X, I would like to run a shell command that would return user information based on the user field within the payload as input.

Could I do something along the lines of:

output {
      if [user] == "userGroupA" {
        exec {
          command => "ldap <user>"
        }
      }
    }

If this is possible, could I then use that output elsewhere in the watch?

warkolm · November 19, 2020, 10:18pm

There is no exec type action for Alerting sorry to say - https://www.elastic.co/guide/en/elasticsearch/reference/current/actions.html

system · December 17, 2020, 10:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.