Sending Logs to Slack

cotcadaver · February 4, 2016, 7:59pm

Hey guys,
I am having trouble understanding why my instance of logstash isn't sending the files to slack. I was hoping a pair of fresh eyes may be able to find my mistakes. I am simply using an Ubuntu server and am wanting to send some of the server's own logs as a test.

input{
  file{
     path => "/var/log/apt/history.log"
  }
}

filter{
  grok{
     match => {"message" =>"%{GREEDYDATA:message}"}
  }
}

output {
  slack {
     url => "MY_SLACK_WEBHOOK"
     channel => "#logs-syslog"
  }
}

magnusbaeck · February 4, 2016, 8:01pm

Are new lines being appended to the end of history.log, which Logstash is tailing?

cotcadaver · February 4, 2016, 8:18pm

That is my understanding of how the logs are set up.

magnusbaeck · February 4, 2016, 8:38pm

If you replace the slack output with stdout { codec => rubydebug }, you get output?