Dynamic Logstash emails from multiple log files
I have a Logstash config file where I wrote a mail alert for specific text present in the message, to automatically send an email with the message. Find the configuration file (logstash.conf) below.
    input {
      file {
        path => [ "\\IP Address\logs/LMS.log.*_bak" ]
        start_position => "beginning"
      }
    }
    output {
      elasticsearch {
        bind_host => "127.0.0.1"
        port => "9200"
        protocol => http
      }
      if "ERROR" in [message] {
        email {
          from => "logstash.alert@nowhere.com"
          subject => "logstash alert"
          to => "test.lms@gmail.com"
          via => "smtp"
          body => "Here is the event line that occured: %{message}"
        }
      }
    }
Here I am not getting any emails from this configuration. Can anyone look at the config and give me a solution? Thanks ...
+3
2 answers
Yes, finally I got a solution to send email notifications for any ERROR in the message field.
    output {
      elasticsearch {
        bind_host => "127.0.0.1"
        port => "9200"
        protocol => http
      }
      if "ERROR" in [message] {
        email {
          options => [ "smtpIporHost", "smtp.gmail.com",
                       "port", "587",
                       "userName", "test@gmail.com",
                       "password", "your password",
                       "authenticationType", "plain",
                       "starttls", "true"
                     ]
          from => "<test@gmail.com>"
          subject => "logstash alert"
          to => "<test@gmail.com>"
          via => "smtp"
          body => "Here is the event line that occured: %{message}"
        }
      }
      stdout { codec => rubydebug }
    }
+1
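A variant of the email block from the answer above that keeps the SMTP password out of the config file and caps how many alerts one burst of errors can send. This is an added example, not part of the original answer; it assumes the current option names of logstash-output-email (`address`, `port`, `username`, `password`, `authentication`, `use_tls`) rather than the legacy `options` array, and the names `SMTP_USER`, `SMTP_PASSWORD`, `lms-error-alert` and `alert_throttled` are made up for illustration.

```logstash
# Added example (not from the original answer).
# Assumes logstash-output-email and logstash-filter-throttle are installed;
# a missing plugin is added with: bin/logstash-plugin install <plugin-name>
# Assumes SMTP_USER and SMTP_PASSWORD (names chosen for this example) are
# defined in the Logstash keystore or in the service environment.

filter {
  if "ERROR" in [message] {
    # The first 5 ERROR events in each 10-minute window pass untagged;
    # later ones get a tag so a noisy log does not become a mail flood.
    # The constant key counts all files together; a field reference in
    # key would count per source instead.
    throttle {
      key         => "lms-error-alert"
      after_count => 5
      period      => "600"
      add_tag     => ["alert_throttled"]
    }
  }
}

output {
  if "ERROR" in [message] and "alert_throttled" not in [tags] {
    email {
      address        => "smtp.gmail.com"
      port           => 587
      # Resolved at startup; the literal password never sits in this file.
      username       => "${SMTP_USER}"
      password       => "${SMTP_PASSWORD}"
      authentication => "plain"
      # TLS must be on so the plain-auth credentials are not sent in clear.
      use_tls        => true
      from           => "test@gmail.com"
      to             => "test@gmail.com"
      subject        => "logstash alert"
      via            => "smtp"
      body           => "Here is the event line that occurred: %{message}"
    }
  }
}
```

The body still carries the raw log line, so anything sensitive that the application logs at ERROR level ends up in the recipient's mailbox; restrict the recipient list accordingly.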
Getting this error.
logstash_1 | [2017-08-14T07:05:57,056][ERROR][logstash.plugins.registry] Problems loading a plugin with {:type=>"output", :name=>"email", :path=>"logstash/outputs/email", :error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:221:in `namespace_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:157:in `legacy_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:133:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:175:in `lookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:137:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:88:in `plugin'", "(eval):16:in `initialize'", "org/jruby/RubyKernel.java:1079:in `eval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:60:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:139:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:277:in `create_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:95:in `register_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:264:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:183:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
logstash_1 | [2017-08-14T07:05:57,108][ERROR][logstash.agent ] Cannot load an invalid configuration {:reason=>"Couldn't find any output plugin named 'email'. Are you sure this is correct? Trying to load the email output plugin resulted in this error: Problems loading the requested plugin named email of type output. Error: NameError NameError"}
logstash_1 | 2017-08-14 07:05:57,210 Api Webserver ERROR No log4j2 configuration file found. Using default configuration: logging only errors to the console.
Please take a look and let me know if we need to make additional configuration for using email.
0