Hi Team,
I want to send alerts to Telegram through its bot, using the http output plugin.
The purpose of this config is that whenever data is ingested into Elasticsearch, I'll get a message in my Telegram.
The data is shipped from Filebeat to Logstash and then into Elasticsearch.
Here is my configuration file:
input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => {
      "message" => '%{IPORHOST:remote_ip} - %{DATA:user_name} [%{HTTPDATE:time}] "%{WORD:request_action} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:response} %{NUMBER:bytes} "%{DATA:referrer}" "%{DATA:agent}"'
    }
  }
  date {
    match => [ "time", "dd/MMM/YYYY:HH:mm:ss Z" ]
    locale => en
  }
  geoip {
    source => "remote_ip"
    target => "geoip"
  }
  useragent {
    source => "agent"
    target => "user_agent"
  }
}
output {
  file {
    path => "/var/log/logstash/test4.txt"
  }
  elasticsearch {
    index => "alerttest"
    hosts => ["192.168.0.102:9200","192.168.0.105:9200"]
  }
  http {
    url => "https://api.telegram.org/botxxxxxxx:yyyyyyyyyy/sendMessage?chat_id =zzzzzzz"
    format => "message"
    content_type => "application / json"
    http_method => "post"
    message => '
{
"text": "Hello Bot here"
}
'
  }
}
Whenever I run Logstash, I make an index in Elasticsearch, but I don't get any alert in Telegram.
However, when I manually try to send alerts using the API, it works, whether I use curl or go directly through the browser.
I use curl like this and it works:
curl -X POST "https://api.telegram.org/botxxxxxxx:yyyyyyyyyy/sendMessage" -d "chat_id=zzzzzzz&text=test"
And I manually hit this API URL in the browser:
https://api.telegram.org/botxxxxxxx:yyyyyyyyyyy/sendMessage?chat_id=zzzzzzzz&text=hey
Both manual methods work just fine.
I get alerts with the APIs,
which means the bot is working just fine.
But the problem is with the config file.
I really need help on this.
Thanks and Regards,
Sagar Mandal
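
An added example, not part of the original post: a small Python pre-flight check that inspects the three http output settings shown above (url, content_type, message) the way a receiving server would parse them. The names `preflight`, `REQUIRED`, `POSTED` and `FIXED` are assumptions for illustration, and `FIXED` is a constructed alternative that carries chat_id and text in the JSON body.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Media type without parameters: token "/" token, no whitespace allowed.
MEDIA_TYPE = re.compile(r"^[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+$")
REQUIRED = {"chat_id", "text"}  # assumption: the two fields sendMessage needs

def preflight(url, content_type, body):
    """List the problems in the request these settings describe."""
    problems = []
    if re.search(r"\s", url):
        problems.append("url contains whitespace")
    if not MEDIA_TYPE.match(content_type):
        problems.append("content_type is not a valid media type")
    # Parameter names exactly as they appear in the query string.
    params = {k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
    if "json" in content_type.lower():
        try:
            parsed = json.loads(body)
        except ValueError:
            problems.append("body is not valid JSON")
        else:
            if isinstance(parsed, dict):
                params |= set(parsed)  # JSON body fields count as parameters
    missing = REQUIRED - params
    if missing:
        problems.append("missing parameters: " + ", ".join(sorted(missing)))
    return problems

BASE = "https://api.telegram.org/botxxxxxxx:yyyyyyyyyy/sendMessage"  # placeholder token
# Settings as they appear in the posted config.
POSTED = (BASE + "?chat_id =zzzzzzz", "application / json",
          '\n{\n"text": "Hello Bot here"\n}\n')
# Constructed alternative: both fields in the JSON body, clean media type.
FIXED = (BASE, "application/json",
         json.dumps({"chat_id": "zzzzzzz", "text": "Hello Bot here"}))

if __name__ == "__main__":
    for name, settings in (("posted", POSTED), ("fixed", FIXED)):
        print(name, preflight(*settings))
```

The query string in `POSTED` parses to a parameter named `chat_id ` (with a trailing space), which is why `chat_id` is reported as missing even though it looks present.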