/indexer.conf
Last active Dec 24, 2015
Email output plugin for Logstash 1.2.1
| input { | |
| redis { | |
| host => 'logstash-dev.gsc.wustl.edu' | |
| type => 'redis-input' | |
| data_type => 'list' | |
| key => 'logstash' | |
| codec => 'json' | |
| } | |
| } | |
| filter { | |
| if [message] =~ /oom-killer/ { | |
| mutate { | |
| add_tag => [ "oom_killer", "email" ] | |
| add_field => [ "email_body", "oom-killer has run on this machine, which might have broken something. Please investigate!" ] | |
| add_field => [ "email_subject", "oom-killer on %{host}" ] | |
| add_field => [ "email_to", "test@example.com" ] | |
| } | |
| } | |
| } | |
| output { | |
| elasticsearch_http { | |
| host => 'logstash-dev.gsc.wustl.edu' | |
| index => 'logstash-general-%{+YYYY.MM.dd}' | |
| } | |
| if "email" in [tags] { | |
| email { | |
| body => "%{email_body}" | |
| from => "test@example.com" | |
| subject => "%{email_subject}" | |
| to => "%{email_to}" | |
| cc => "%{email_cc}" | |
| } | |
| } | |
| } |
| {:timestamp=>"2013-09-26T18:14:01.776000-0500", :message=>"Flushing output", :outgoing_count=>1, :time_since_last_flush=>1.001, :outgoing_events=>{nil=>[[#<LogStash::Event:0x16e4ca17 @cancelled=false, @data={"message"=>"pam_unix(sudo:session): session closed for user root", "@timestamp"=>"2013-09-26T23:14:00.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"86", "syslog_program"=>"sudo", "syslog_severity_code"=>6, "syslog_facility_code"=>10, "syslog_facility"=>"security/authorization", "syslog_severity"=>"informational"}>, "logstash-general-%{+YYYY.MM.dd}", ""]]}, :batch_timeout=>1, :force=>true, :final=>nil, :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/stud/buffer.rb", :line=>"207", :method=>"buffer_flush"} | |
| {:timestamp=>"2013-09-26T18:16:09.155000-0500", :message=>"filter received", :event=>#<LogStash::Event:0x27b110d4 @cancelled=false, @data={"message"=>"oom-killer", "@timestamp"=>"2013-09-26T23:16:09.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"13", "syslog_program"=>"root", "syslog_severity_code"=>5, "syslog_facility_code"=>1, "syslog_facility"=>"user-level", "syslog_severity"=>"notice"}>, :level=>:info, :file=>"(eval)", :line=>"18", :method=>"initialize"} | |
| {:timestamp=>"2013-09-26T18:16:09.161000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_body", :value=>["oom-killer has run on this machine, which might have broken something. Please investigate!"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"} | |
| {:timestamp=>"2013-09-26T18:16:09.164000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_subject", :value=>["oom-killer on %{host}"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"} | |
| {:timestamp=>"2013-09-26T18:16:09.170000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_to", :value=>["bdericks@genome.wustl.edu"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"} | |
| {:timestamp=>"2013-09-26T18:16:09.174000-0500", :message=>"filters/LogStash::Filters::Mutate: adding tag", :tag=>"oom_killer", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"145", :method=>"filter_matched"} | |
| {:timestamp=>"2013-09-26T18:16:09.178000-0500", :message=>"filters/LogStash::Filters::Mutate: adding tag", :tag=>"email", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"145", :method=>"filter_matched"} | |
| {:timestamp=>"2013-09-26T18:16:09.179000-0500", :message=>"output received", :event=>#<LogStash::Event:0x27b110d4 @cancelled=false, @data={"message"=>"oom-killer", "@timestamp"=>"2013-09-26T23:16:09.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"13", "syslog_program"=>"root", "syslog_severity_code"=>5, "syslog_facility_code"=>1, "syslog_facility"=>"user-level", "syslog_severity"=>"notice", "email_body"=>"oom-killer has run on this machine, which might have broken something. Please investigate!", "email_subject"=>"oom-killer on logstash-dev", "email_to"=>"bdericks@genome.wustl.edu", "tags"=>["oom_killer", "email"]}>, :level=>:info, :file=>"(eval)", :line=>"40", :method=>"initialize"} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment