Is it possible to set a threshold or condition when to email to avoid a continuous firing of email?
This is my current script.
if [message] =~ "Caused by:" {
grok{
match =>["message", "Caused by:"]
add_tag =>["shouldmail"]
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
stdout {
codec => rubydebug
}
if "shouldmail" in [tags] {
email {
debug => true
to => 'dixxx@xxxx.ph,'
username => 'davixxxxxxx@gmail.com'
subject => 'Alert'
authentication => 'plain'
body => "try logstash email"
domain => 'smtp.gmail.com'
address => 'smtp.gmail.com'
port => 587
password => 'trqfvxhndiansafasfvbir'
use_tls => "true"
via => 'smtp'
}
}
}