Logstash + TG

TatianaKlimova91 · July 9, 2024, 8:31am

Hi there!
I try to set logstash.config to send alerts to telegram bot.
I added in output section http part and recreated logstash container, but still can’t get alerts. Locally from api alerts are working.
Logstash placed in k8s.
Any suggestions and personal experience very appreciated
What setting and where i need to add? I didn’t find in internet any detailed instructions.
Thanks

jessgarson · July 11, 2024, 6:17pm

Thanks so much for reaching out, @TatianaKlimova91. Can you say a bit more about how you are sending the requests to Telegram? Do you have a code sample you can provide?

I have seen a few older posts on this topic as well that could be helpful:

TatianaKlimova91 · July 13, 2024, 10:12am

Yes, i alreade have checked these posts, but unfortunately the suggestion there were not helpful:(
The example code og logstash.conf in pipline folder is:

input {
Some code }

filter {
Some code }

output {
elasticsearch plugin output {}
If “string pattern” in [log] {
http plugin { here some code for tg api which works ok from pod by curl request
url => “url here”
http_method => “post”
format => message
content_type => “application/json”
message => ‘{“chat_id”: “id here”, “text”: “text here”}’}
}
}

So, code pattern looks like this. I need to add that when i add http-input-plugin or exec-input-plugin with curl it works fine. The issue is only related with output http plugin.

Mb i missed something?

Rios · July 13, 2024, 3:54pm

Telegram url should have the https connection which means you are missing cacert and ssl_verification_mode parameters.

TatianaKlimova91 · July 14, 2024, 8:33am

Okay, i ll check, thank you for advice!

leandrojmp · July 14, 2024, 1:28pm

Telegram uses public and know CAs, there is no need for it.

Can you change your output to a file and see if you are getting any events? If you are getting events with the file output, but not with the http output, then your issue may be in the configuration of the http output and you would probably have some logs in logstash logs.

TatianaKlimova91 · July 22, 2024, 9:08am

It didn't help, there are no any outputs at all. I can't understand why output plugin doesn't work. Have you got example workable config for check? mb video tutorial?

Rios · July 22, 2024, 7:34pm

Make sure that data has been arrived - use input, nothing in the filter, and output to ruby debug or txt file.
Make sure that any data has been arrived another way - use LS node statistic. LS should provide the JSON some thing like this:

"events" : {
        "duration_in_millis" : 3500,
        "in" : 10,
        "filtered" : 10,
        "out" : 10,...

For more info, check the documentation

Change log.level= trace and restart LS.
If data is coming, check every condition, especially
if “string pattern” in [log] {...

TatianaKlimova91 · July 22, 2024, 8:11pm

Thank you for reply, will check next time.
I decided to use grafana+elastic+telegram and this configuration works well for my goals.
Mb next time i will back to this question, now it could be closed