
I am trying to send an email alert from Logstash using Riemann. My email should be triggered when certain criteria are met. I wrote a Riemann config to send the email alert, and for that I am sending certain events from Logstash. I have hardcoded the :description field, but in my Riemann server I am always seeing description as nil. I don't know where I am going wrong.

Riemann Config

    (let [host "127.0.0.1"]
      (tcp-server {:host host})
      (udp-server {:host host})
      (ws-server  {:host host}))

      ;Create index and print the values indexed
      (let [eindex (default :ttl 300 (update-index (index)))])


      ;Index event for reserve webservice failure
      (let [email (mailer{…….})]

      (streams
        (where (service "e_log")
          (fixed-time-window
            1
            (smap
              (fn [events]
               (let [count-of-failures (count (filter #(re-find #"system space*" (:description %)) events))]        ;Calculate the count for matched value
                   (event
                    {:status "Failure"
                     :metric  count-of-failures
                     :total-fail (>= count-of-failures 1)})))

              (where (and (= (:status event) "Failure")
                          (:total-fail event))

                (email "dfbnn@gmail.com"))prn)))))

Logstash Config

    riemann{
        host=>localhost
        riemann_event => { "service" => "e_log"
                           "description" => "system space communication"
                           "metric" => "%{metric}"
                           "ttl" => "%{ttl}"
                         }
    }

In my Riemann server I am always seeing the :description field as nil, so :total-fail is always false.

Riemann Server

    riemann.codec.Event{:host nil, :service nil, :state nil, :description nil, :metric 0, :tags nil, :time 1447406529, :ttl nil, :status "Failure", :total-fail false}
    riemann.codec.Event{:host nil, :service nil, :state nil, :description nil, :metric 0, :tags nil, :time 1447406529, :ttl nil, :status "Failure", :total-fail false}
    riemann.codec.Event{:host nil, :service nil, :state nil, :description nil, :metric 0, :tags nil, :time 1447406529, :ttl nil, :status "Failure", :total-fail false}
    riemann.codec.Event{:host nil, :service nil, :state nil, :description nil, :metric 0, :tags nil, :time 1447406529, :ttl nil, :status "Failure", :total-fail false}
    riemann.codec.Event{:host nil, :service nil, :state nil, :description nil, :metric 0, :tags nil, :time 1447406529, :ttl nil, :status "Failure", :total-fail false}

Thanks in advance

Mangoski
  • It may be helpful to `prn` the events, so you can verify that the maps you are trying to get the `:description` key of actually have that key. I don't know the first thing about Riemann, but I wonder if maybe the keys are stored as strings like `"description"` instead of keywords like `:description`? – Dave Yarwood Nov 14 '15 at 19:16
  • What is the `=>` symbol in the riemann config? Is that supposed to be a clojure map? – BillRobertson42 Nov 16 '15 at 19:51

1 Answer


Two things that come to my mind:

  1. Something's wrong with the code that sends those events. Can you `prn` the payload?
  2. This is a far shot: Are these events expired? If they are, chances are the keys are not kept. Try this: `(periodically-expire 5 {:keep-keys [:host :service :description ...etc...]})` (of course, change 5 to whatever value you want it to happen).
Marcin Bilski