Logstash Email Output

userR · July 29, 2019, 8:12pm

Hi,

I am wondering how to configure an email output for Outlook. In my current logstash configuration, I have the following code:

output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "somename"
  }
  if "Error" in [message]
     email {
       to=> 'email@somemail.com'
       from => 'email@anotheremail.com'
       subject => 'ALERT: Error in Logs'
       body => "Tags: %{tag}\\n\\Information:\\n%{message}"
     }
  }
  stdout{}
}

I see here that I will need to configure the SMTP in elasticsearch.yml. My question is: Is that all the required info to send an email when a log contains error? Also, is xpack.notifcations included in the default subscription?

guyboertje · July 30, 2019, 3:40pm

The plugin starts a SMTP conversation with a SMTP server. If the server is not running locally (on localhost) you need to provide an address setting. The examples omit this because a local SMTP server listening on port 25 is assumed.

userR · July 30, 2019, 5:50pm

Just to be clear, I won't be able to configure this with a regular subscription correct? I do not have alerting currently and I believe notifications is part of that package.

system · August 27, 2019, 5:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.