I want to trigger e-mail from logstash, when a event occurred more then a threshold limit. I have searched and got some suggestion to configure with Mertic, but I m not getting any e-mail. Here is my code below - what wrong I have done here..? please help.
// This is my filter
filter{
if [type] == "agentapp"{
grok { // no issue with this part
...}
date{ // no issue with this part
...}
// I have added this below for threshold
if [message] =~ "Invalid sm_usergroups" {
metrics {
meter => ["Invalid sm_usergroups"]
add_tag => "metric-tag"
}
}
}
}
// This is my output
output{
if "metric-tag" in [tags] and ["Invalid sm_usergroups".rate_15m] > 1 {
email {
..//email code is also working one. checked.
}
}
}
Problem with metric plugin, which wont work properly. We have done it manually, bt counting the threshold and finally sending the mail.