Last active
December 24, 2015 01:09
-
-
Save bderickson/6721978 to your computer and use it in GitHub Desktop.
Email output plugin for Logstash 1.2.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
input { | |
redis { | |
host => 'logstash-dev.gsc.wustl.edu' | |
type => 'redis-input' | |
data_type => 'list' | |
key => 'logstash' | |
codec => 'json' | |
} | |
} | |
filter { | |
if [message] =~ /oom-killer/ { | |
mutate { | |
add_tag => [ "oom_killer", "email" ] | |
add_field => [ "email_body", "oom-killer has run on this machine, which might have broken something. Please investigate!" ] | |
add_field => [ "email_subject", "oom-killer on %{host}" ] | |
add_field => [ "email_to", "test@example.com" ] | |
} | |
} | |
} | |
output { | |
elasticsearch_http { | |
host => 'logstash-dev.gsc.wustl.edu' | |
index => 'logstash-general-%{+YYYY.MM.dd}' | |
} | |
if "email" in [tags] { | |
email { | |
body => "%{email_body}" | |
from => "test@example.com" | |
subject => "%{email_subject}" | |
to => "%{email_to}" | |
cc => "%{email_cc}" | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{:timestamp=>"2013-09-26T18:14:01.776000-0500", :message=>"Flushing output", :outgoing_count=>1, :time_since_last_flush=>1.001, :outgoing_events=>{nil=>[[#<LogStash::Event:0x16e4ca17 @cancelled=false, @data={"message"=>"pam_unix(sudo:session): session closed for user root", "@timestamp"=>"2013-09-26T23:14:00.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"86", "syslog_program"=>"sudo", "syslog_severity_code"=>6, "syslog_facility_code"=>10, "syslog_facility"=>"security/authorization", "syslog_severity"=>"informational"}>, "logstash-general-%{+YYYY.MM.dd}", ""]]}, :batch_timeout=>1, :force=>true, :final=>nil, :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/stud/buffer.rb", :line=>"207", :method=>"buffer_flush"} | |
{:timestamp=>"2013-09-26T18:16:09.155000-0500", :message=>"filter received", :event=>#<LogStash::Event:0x27b110d4 @cancelled=false, @data={"message"=>"oom-killer", "@timestamp"=>"2013-09-26T23:16:09.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"13", "syslog_program"=>"root", "syslog_severity_code"=>5, "syslog_facility_code"=>1, "syslog_facility"=>"user-level", "syslog_severity"=>"notice"}>, :level=>:info, :file=>"(eval)", :line=>"18", :method=>"initialize"} | |
{:timestamp=>"2013-09-26T18:16:09.161000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_body", :value=>["oom-killer has run on this machine, which might have broken something. Please investigate!"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"} | |
{:timestamp=>"2013-09-26T18:16:09.164000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_subject", :value=>["oom-killer on %{host}"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"} | |
{:timestamp=>"2013-09-26T18:16:09.170000-0500", :message=>"filters/LogStash::Filters::Mutate: adding value to field", :field=>"email_to", :value=>["bdericks@genome.wustl.edu"], :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"131", :method=>"filter_matched"} | |
{:timestamp=>"2013-09-26T18:16:09.174000-0500", :message=>"filters/LogStash::Filters::Mutate: adding tag", :tag=>"oom_killer", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"145", :method=>"filter_matched"} | |
{:timestamp=>"2013-09-26T18:16:09.178000-0500", :message=>"filters/LogStash::Filters::Mutate: adding tag", :tag=>"email", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.2.1-flatjar.jar!/logstash/filters/base.rb", :line=>"145", :method=>"filter_matched"} | |
{:timestamp=>"2013-09-26T18:16:09.179000-0500", :message=>"output received", :event=>#<LogStash::Event:0x27b110d4 @cancelled=false, @data={"message"=>"oom-killer", "@timestamp"=>"2013-09-26T23:16:09.000Z", "@version"=>"1", "type"=>"syslog", "host"=>"logstash-dev", "syslog_pri"=>"13", "syslog_program"=>"root", "syslog_severity_code"=>5, "syslog_facility_code"=>1, "syslog_facility"=>"user-level", "syslog_severity"=>"notice", "email_body"=>"oom-killer has run on this machine, which might have broken something. Please investigate!", "email_subject"=>"oom-killer on logstash-dev", "email_to"=>"bdericks@genome.wustl.edu", "tags"=>["oom_killer", "email"]}>, :level=>:info, :file=>"(eval)", :line=>"40", :method=>"initialize"} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment