I'm want to send alert e-mails for certain log events and I want to print all event fields in e-mail body.
Bud I did not found way how to output them in pretty formatted json.
Currently i use this:
filter {
if "email" in [tags] {
ruby {
init => "require 'json'"
code => "event['@metadata']['json'] = JSON.pretty_generate(event)"
}
}
}
output {
if "email" in [tags] {
email {
to => "sysadmin@growjob.com"
subject => "[%{host}] Log %{type} alert"
body => "%{[@metadata][json]}"
}
}
}
But even when i use pretty_generate output still looks like this:
{"message":"127.0.0.1 - - [27/May/2016:15:26:42 +0200] "GET /ccc HTTP/1.1" 404 162 "-" "curl/7.38.0" "localhost"","@version":"1","@timestamp":"2016-05-27T13:26:42.000Z","path":"/var/log/nginx/access.log","host":"test-router","type":"nginx-access","@original_message":"127.0.0.1 - - [27/May/2016:15:26:42 +0200] "GET /ccc HTTP/1.1" 404 162 "-" "curl/7.38.0" "localhost"","clientip":"127.0.0.1","ident":"-","auth":"-","verb":"GET","request":"/ccc","httpversion":"1.1","response":404,"bytes":162,"referrer":"-","agent":""curl/7.38.0"","http_host":"localhost","name":"Other","os":"Other","os_name":"Other","device":"Other","url":"localhost/ccc","description":"Returned 500 from localhost/ccc","tags":["email"]}