Skip to content

Instantly share code, notes, and snippets.

@bderickson

bderickson/indexer.conf

Last active December 24, 2015 01:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bderickson/6721978 to your computer and use it in GitHub Desktop.
Save bderickson/6721978 to your computer and use it in GitHub Desktop.
Download ZIP
Email output plugin for Logstash 1.2.1
Raw
indexer.conf
input {
redis {
host => 'logstash-dev.gsc.wustl.edu'
type => 'redis-input'
data_type => 'list'
key => 'logstash'
codec => 'json'
}
}
filter {
if [message] =~ /oom-killer/ {
mutate {
add_tag => [ "oom_killer", "email" ]
add_field => [ "email_body", "oom-killer has run on this machine, which might have broken something. Please investigate!" ]
add_field => [ "email_subject", "oom-killer on %{host}" ]
add_field => [ "email_to", "test@example.com" ]
}
}
}
output {
elasticsearch_http {
host => 'logstash-dev.gsc.wustl.edu'
index => 'logstash-general-%{+YYYY.MM.dd}'
}
if "email" in [tags] {
email {
body => "%{email_body}"
from => "test@example.com"
subject => "%{email_subject}"
to => "%{email_to}"
cc => "%{email_cc}"
}
}
}
Raw
log output
{:timestamp=>"2013-09-26T18:14:01.776000-0500", :message=>"Flushing output", :outgoing_count=>1, :time_since_last_flush=>1.001, :outgoing_events=>{nil=>[[#<LogStash::Event:0x16e4ca17 @cancelled=false, @data={"message"=>"pam_unix(sudo:session): session closed for user root", "@timestamp"=>"2013-09-26T23:14:00.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"86", "syslog_program"=>"sudo", "syslog_severity_code"=>6, "syslog_facility_code"=>10, "syslog_facility"=>"security/authorization", "syslog_severity"=>"informational"}>, "logstash-general-%{+YYYY.MM.dd}", ""]]}, :batch_timeout=>1, :force=>true, :final=>nil, :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/stud/buffer.rb", :line=>"207", :method=>"buffer_flush"}
{:timestamp=>"2013-09-26T18:16:09.155000-0500", :message=>"filter received", :event=>#<LogStash::Event:0x27b110d4 @cancelled=false, @data={"message"=>"oom-killer", "@timestamp"=>"2013-09-26T23:16:09.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"13", "syslog_program"=>"root", "syslog_severity_code"=>5, "syslog_facility_code"=>1, "syslog_facility"=>"user-level", "syslog_severity"=>"notice"}>, :level=>:info, :file=>"(eval)", :line=>"18", :method=>"initialize"}
{:timestamp=>"2013-09-26T18:16:09.161000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_body", :value=>["oom-killer has run on this machine, which might have broken something. Please investigate!"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"}
{:timestamp=>"2013-09-26T18:16:09.164000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_subject", :value=>["oom-killer on %{host}"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"}
{:timestamp=>"2013-09-26T18:16:09.170000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_to", :value=>["bdericks@genome.wustl.edu"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"}
{:timestamp=>"2013-09-26T18:16:09.174000-0500", :message=>"filters/LogStash::Filters::Mutate: adding tag", :tag=>"oom_killer", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"145", :method=>"filter_matched"}
{:timestamp=>"2013-09-26T18:16:09.178000-0500", :message=>"filters/LogStash::Filters::Mutate: adding tag", :tag=>"email", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"145", :method=>"filter_matched"}
{:timestamp=>"2013-09-26T18:16:09.179000-0500", :message=>"output received", :event=>#<LogStash::Event:0x27b110d4 @cancelled=false, @data={"message"=>"oom-killer", "@timestamp"=>"2013-09-26T23:16:09.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"13", "syslog_program"=>"root", "syslog_severity_code"=>5, "syslog_facility_code"=>1, "syslog_facility"=>"user-level", "syslog_severity"=>"notice", "email_body"=>"oom-killer has run on this machine, which might have broken something. Please investigate!", "email_subject"=>"oom-killer on logstash-dev", "email_to"=>"bdericks@genome.wustl.edu", "tags"=>["oom_killer", "email"]}>, :level=>:info, :file=>"(eval)", :line=>"40", :method=>"initialize"}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment