Logstash zabbix output

Question

This is my logstash.conf file. I am trying use logstash-output-zabbix plugin for alerting. But getting this error...

Field referenced by log_getter is missing {:level=>:warn}

I have a host named ELK in zabbix server with a log_getter item and hello as key (Zabbix trapper).

My config file...
input {
  lumberjack {
    port => 5000
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

filter {
  grok {
    match => [ "message", "%{SYSLOGBASE} %{DATA:data}" ]
    add_tag => [ "zabbix-sender" ]
    add_field => [
      "zabbix_host", "%{source_host}",
      "zabbix_item", "item.key",
      "send_field", "data"
    ]
  }
}

output{
  elasticsearch{
    host => localhost
  }
}

output {
  zabbix {
    zabbix_host => "log_getter"
    zabbix_key =>"hello"
    zabbix_server_host => "10.0.30.215"
  }
}

Answer 1

According to the zabbix plugin docs the plugin expects zabbix_host => to contain a field name which holds the zabbix host name. Since you don't have any field called log_getter you get an error: Field referenced by log_getter is missing

Both, zabbix_host and zabbix_key expect the value to be a field reference. You've already set the values in your grok filter. Just use them in your output config:

zabbix {
    zabbix_host => "zabbix_host"
}

The zabbix_key value is not required. You can leave it out. Probably you will need to change your zabbix server configuration correspondingly to accept the events.