0

I want to trigger e-mail from logstash, when a event occurred more then a threshold limit. I have searched and got some suggestion to configure with Mertic, but I m not getting any e-mail. Here is my code below - what wrong I have done here..? please help.

// This is my filter
filter{
  if [type] == "agentapp"{
    grok { // no issue with this part
    ...}
    date{ // no issue with this part
    ...}    
  // I have added this below for threshold
  if [message] =~ "Invalid sm_usergroups" {
        metrics {
            meter => ["Invalid sm_usergroups"]
            add_tag => "metric-tag"
        }
    }       
  }
}

// This is my output
output{
  if "metric-tag" in [tags] and ["Invalid sm_usergroups".rate_15m] > 1 {
    email {
    ..//email code is also working one. checked.
    }
  }
}
Krish
  • 19
  • 1
  • 2
  • 7
  • also I have a doubt like, how we can check 'metric' plugin is installed in ELK, i am working on a already build stack, need to upgrade it... but im stacked for long time... any help is acceptable. – Krish Sep 06 '18 at 08:11
  • Issue was with Mertic plugin.. which wont work properly. – Krish Jan 17 '19 at 07:29

1 Answers1

0

Problem with metric plugin, which wont work properly. We have done it manually, bt counting the threshold and finally sending the mail.

Krish
  • 19
  • 1
  • 2
  • 7