Hi,
I am using ELK stack version 7.1.1 + X-Pack on Ubuntu 14.04.
I want to trigger an alert whenever the message contains the "Exception" keyword.
logstash.yml
input {
  file {
    path => "/home/a.log"
    start_position => "beginning"
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => "previous"
    }
  }
}
filter {
  grok {
    match => ["message","[%{LOGLEVEL:log-level}\*%{GREEDYDATA:messagedata}"]
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    user => elastic
    password => mypassword
  }
  stdout { codec => rubydebug }
  if "Exception" in [message]{
    email {
      to => "v888888888@gmail.com"
      from => "vasadssfrdefd1997@gmail.com"
      subject => "Ignore (2-node envinorment test Alerts)"
      body => "log-message: %{message} \nLog file: %{path}"
      codec => "plain"
      address => "smtp.gmail.com"
      port => "25"
    }
  }
}
I am able to write logs into ES and the console, but the email alerts are not working. I'm seeing a rare error when I print my logs on the console along
Please look at the following output on the console.
"log-level" => "debug",
"@timestamp" => 2019-07-23T15:32:07.651Z,
"message" => "2019-07-14 09:57:12:001*[debug]*nodejs*req-res-service*sendRequest*990009621098683*88fdad4c-93c3-4e47-88b5-bf9d894863aa*error while sending request.Error: NotLeaderForPartition",
"@version" => "1",
"path" => "/home/a.log",
"host" => "desktop"
}
[ERROR] 2019-07-23 21:02:09.601 [[main]>worker0] email - Something happen while delivering an email {:exception=>#<Net::SMTPAuthenticationError: 530 5.7.0 Must issue a STARTTLS command first. f6sm45399840pga.50 - gsmtp}
Please help me solve it.
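
Added example, not part of the original post: the 530 reply means the server refuses to continue until the connection is upgraded with STARTTLS, and the posted email output sets neither TLS nor credentials. A version of that output block with TLS and authentication enabled might look as follows. Port 587, the placeholder addresses and the variable names SMTP_USER and SMTP_PASSWORD are assumptions.

```logstash
output {
  if "Exception" in [message] {
    email {
      to      => "alerts@example.com"        # placeholder recipient
      from    => "logstash@example.com"      # placeholder sender
      subject => "Exception in %{path}"
      body    => "log-message: %{message}\nLog file: %{path}"
      address => "smtp.gmail.com"
      port    => 587                         # assumed submission port (the post used 25)
      use_tls => true                        # plugin default is false, so no STARTTLS is sent
      authentication => "plain"              # credentials only travel after the TLS upgrade
      username => "${SMTP_USER}"             # hypothetical names, resolved from the environment
      password => "${SMTP_PASSWORD}"         # or the Logstash keystore, not hardcoded
    }
  }
}
```

The same `${...}` substitution can replace the literal `password` value in the elasticsearch output so that no secret sits in the pipeline file.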