Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

How to remove _id, _index, _type, num_matches, num_hits and @timestamp from elastalert rules #3186

Closed MohdRashid01 closed 3 years ago

MohdRashid01 commented 3 years ago

Hi All,

Below is the content which I'm getting in my Gmail inbox. I want to remove _id, _index, _type, num_matches, num_hits and @timestamp; all I want is the message to be included in the email that is triggered every time.

Below is what is getting into the Gmail inbox:

```
@timestamp: 2021-05-24T11:16:06Z
_id: 2S0WnnkBz7SOxaiw1TZk
_index: logstash-2021.05.24
_type: _doc
message: <30>May 24 11:16:06 fx-prod-1 prod_fx-control-plane.1.knel5yam 2021-05-24 11:16:06.926 INFO 1 --- [nio-8080-exec-9] com.fxlabs.fxt.rest.run.RunController : Find Latest by job id [8a8089ba777311370177734530902ec8] org [8a8081066e02d6a2016e04eacd2005c7] principal [8a808155647d283a01647d7c5e0d07ba]
num_hits: 8
num_matches: 1
```

Here is the rules.yaml file which I used to trigger the email for this issue:

```yaml
# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com
es_host: elasticsearch.test.com

# (Optional)
# Elasticsearch port
# es_port: 14900
es_port: 9200

# (Optional) Connect with SSL to Elasticsearch
use_ssl: True

# (Optional) basic-auth username and password for Elasticsearch
# es_username: someusername
# es_password: somepassword
es_username: testelastic
es_password: somepassword

# (Required)
# Rule name, must be unique
name: Exception Alert

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
# NOTE: the posted file set "type" twice (blacklist, then any). compare_key and
# blacklist below are blacklist-specific, so that value is kept here and the
# second one is commented out; YAML would otherwise silently keep only the last.
type: blacklist
# type: any
include: ["message"]

# (Required)
# Index to search, wildcard supported
index: logstash*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 1

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 1
  minutes: 1
  seconds: 1

compare_key: "message"
blacklist:
- "error"

realert:
  minutes: 5

# This sends out all matches in one email
aggregation:
  minutes: 1
  seconds: 0

# NOTE: the posted file repeated the "filter" key three times (a term filter,
# a match filter, then an empty one); only the last would survive parsing, so
# the two real filters are merged into one list here (filters are ANDed).
filter:
- term:
    message: "[error]"
- match:
    message: "job"

alert:
- slack
- email

slack_webhook_url: "https://hooks.slack.com/services/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"
# slack_username_override: "ElastAlert"
slack_username_override: "Mohd Rashid"

email: ["rashidmd777@gmail.com"]
smtp_host: "smtp.gmail.com"
smtp_port: "587"
from_addr: "rashidmd777@gmail.com"
```

How do I do it? Please let me know ASAP.
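An added example (not from this issue, and not one of the ElastAlert project's own example rules) of the alert-formatting keys ElastAlert documents for exactly this: `include` only limits which fields are fetched from Elasticsearch, while `_id`, `_index`, `_type`, `num_hits` and `num_matches` are attached by ElastAlert itself, so they still appear in the default body; `alert_text_type: alert_text_only` replaces that field dump with the formatted `alert_text`. The addresses and host below are placeholders, and the connection, index, type and filter keys are assumed to stay as in the rule above.

```yaml
# Only the keys that shape the alert body are shown; es_host, index, type,
# filter, compare_key, blacklist and so on stay as in the posted rule.
name: Exception Alert

# Restricts what is fetched per hit from Elasticsearch. This saves bandwidth
# but does not remove the fields ElastAlert adds afterwards (num_hits,
# num_matches, _id, _index, _type, @timestamp), so on its own it cannot
# produce a message-only email.
include: ["message"]

# Subject line carries the rule name, so the body no longer needs it.
alert_subject: "Exception Alert"

# Body: only the formatted alert_text is sent; the per-match field dump is
# suppressed. {0} is filled from the first entry of alert_text_args.
alert_text_type: alert_text_only
alert_text: |
  {0}
alert_text_args: ["message"]

# With the aggregation from the posted rule, each aggregated match is
# rendered through the same alert_text, one block per match.

alert:
- email
email: ["alerts@example.com"]          # placeholder
smtp_host: "smtp.example.com"          # placeholder
smtp_port: 587
from_addr: "elastalert@example.com"    # placeholder
```

If the hit lacks the `message` field, ElastAlert substitutes `<MISSING VALUE>` for that argument rather than failing the alert, which is worth checking for when the log pipeline changes field names.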