This is my logstash.conf file. I am trying use logstash-output-zabbix plugin for alerting. But getting this error...
Field referenced by log_getter is missing {:level=>:warn}
I have a host named ELK in zabbix server with a log_getter item and hello as key (Zabbix trapper).
My config file...
input {
lumberjack {
port => 5000
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
grok {
match => [ "message", "%{SYSLOGBASE} %{DATA:data}" ]
add_tag => [ "zabbix-sender" ]
add_field => [
"zabbix_host", "%{source_host}",
"zabbix_item", "item.key",
"send_field", "data"
]
}
}
output{
elasticsearch{
host => localhost
}
}
output {
zabbix {
zabbix_host => "log_getter"
zabbix_key =>"hello"
zabbix_server_host => "10.0.30.215"
}
}
According to the zabbix plugin docs the plugin expects zabbix_host => to contain a field name which holds the zabbix host name. Since you don't have any field called log_getter you get an error: Field referenced by log_getter is missing
Both, zabbix_host and zabbix_key expect the value to be a field reference. You've already set the values in your grok filter. Just use them in your output config:
zabbix {
zabbix_host => "zabbix_host"
}
The zabbix_key value is not required. You can leave it out. Probably you will need to change your zabbix server configuration correspondingly to accept the events.