没有从Logstash 1.5.4获取每个错误电子邮件警报 [英] Not getting each error email alert from logstash 1.5.4

问题描述

我的ELK设置如下:

HOST1:组件(生成日志)+ Logstash(将日志发送到Redis)

HOST1: Component(which generates log) + Logstash (To send logs to redis)

HOST2 :Redis + Elasticsearch + Logstash(基于grok解析数据并将其发送到相同设置的Elasticsearch)

HOST2: Redis + Elasticsearch + Logstash ( To parse data based on grok and send it to elasticsearch on same setup)

HOST3 :Redis + Elasticsearch + Logstash(用于基于grok解析数据并将其发送到相同设置的Elasticsearch)

HOST3: Redis + Elasticsearch + Logstash ( To parse data based on grok and send it to elasticsearch on same setup)

HOST4::nginx + Kibana 4

HOST4: nginx + Kibana 4

现在，当我从logstash发送一条错误日志行到redis时，我在Kibana 4中得到了两次输入.

Now when I send one error log line from logstash to redis, I get double entry in Kibana 4. Like below:

此外，尽管配置为在 severity =="Erro" 时发送警报，但我没有从logstash收到任何电子邮件警报.

Plus I didnt get any email alert from logstash, although it is configured to send alert when severity == "Erro".

这是logstash conf文件的一部分:

this is part of logstash conf file:

output {
elasticsearch { host => ["<ELK IP>"]  port => "9200" protocol => "http" }
if [severity] =~ /Erro/
{
email {
        from => "someone@somedomain.com"
        subject => "Error Alert"
        to => "someone@somedomain.com"
        via => "smtp"
        htmlbody => "<h2>Error Alert1</h2><br/><br/><div
        align='center'>%{message}</div>"
        options => [
               "smtpIporHost", "smtp.office365.com",
               "port", "587",
               "domain", "smtp.office365.com",
               "userName", "someone@somedomain.com",
               "password", "somepasswd",
               "authenticationType", "login",
               "starttls", "true"
       ]
}
}
stdout { codec => rubydebug }
}

我正在使用以下自定义grok模式来解析日志行:

I am using following custom grok pattern to parse log line:

ABTIMESTAMP %{YEAR}%{MONTHNUM2}%{MONTHDAY} %{USERNAME}
ABLOGLEVEL (Note|Erro|Fatl|Warn|Urgt)
ABLOG %{ABTIMESTAMP:timestamp} %{HOST:hostname} %{WORD:servername} %{INT:pid} %{INT:lwp} %{INT:thread} %{ABLOGLEVEL:severity};%{USERNAME:event}\(%{NUMBER:msgcat}/%{NUMBER:msgnum}\)%{GREEDYDATA:greedydata}

这里有什么帮助，如何为每个错误日志行获取每个电子邮件警报?

Any help here as, how to get each email alert for every error log line?

提前谢谢！

推荐答案

已解决...实际上，我在logstash/conf.d文件夹中有多个conf文件.我删除了所有不必要的文件，只保留了我的conf文件，现在可以正常工作了. :).谢谢Val的帮助

resolved it... Actually I was having multiple conf files in logstash/conf.d folder. I removed all unnecessary files and only kept my conf file and now its working. :). Thank you Val for your help

这篇关于没有从Logstash 1.5.4获取每个错误电子邮件警报的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！