Problems configuring logstash for email output
Posted
by
user2099762
on Server Fault
See other posts from Server Fault
or by user2099762
Published on 2014-06-12T13:56:29Z
Indexed on
2014/06/12
15:28 UTC
Read the original article
Hit count: 365
I'm trying to configure logstash to send email alerts and log output in elasticsearch / kibana.
I have the logs successfully syncing via rsyslog, but I get the following error when I run
/opt/logstash-1.4.1/bin/logstash agent -f /opt/logstash-1.4.1/logstash.conf --configtest
Error: Expected one of #, {, ,, ] at line 23, column 12 (byte 387) after filter { if [program] == "nginx-access" {
grok { match => [ "message" , "%{IPORHOST:remote_addr} - %{USERNAME:remote_user} [%{HTTPDATE:time_local}] %{QS:request} %{INT:status} %{INT:body_bytes_sent} %{QS:http_referer} %{QS:http_user_agent}” ] } } }
output { stdout { } elasticsearch { embedded => false host => "
Here is my logstash config file
input {
syslog {
type => syslog
port => 5544
}
}
filter {
if [program] == "nginx-access" {
grok {
match => [ "message" , "%{IPORHOST:remote_addr} - %{USERNAME:remote_user} \[% {HTTPDATE:time_local}\] %{QS:request} %{INT:status} %{INT:body_bytes_sent} %{QS:http_referer} %{QS:http_user_agent}” ]
}
}
}
output {
stdout { }
elasticsearch {
embedded => false
host => "localhost"
cluster => "cluster01"
}
email {
from => "[email protected]"
match => [
"Error 504 Gateway Timeout", "status,504",
"Error 404 Not Found", "status,404"
]
subject => "%{matchName}"
to => "[email protected]"
via => "smtp"
body => "Here is the event line that occured: %{@message}"
htmlbody => "<h2>%{matchName}</h2><br/><br/><h3>Full Event</h3><br/><br/><div align='center'>%{@message}</div>"
}
}
I've checked line 23 which is referenced in the error and it looks fine....I've tried taking out the filter, and everything works...without changing that line.
Please help
© Server Fault or respective owner
