search

elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash
Other
14.1k stars 3.48k forks source link

Sensu codec for RabbitMQ output #2124

Open tuukkamustonen opened 9 years ago

tuukkamustonen commented 9 years ago

Originally reported by Brian Preston at https://logstash.jira.com/browse/LOGSTASH-2116

I'm trying to get matching ingested logs to fire a sensu alert. One way I see to do this is have logstash output matching logs into rabbitmq, using the output already written. However the message would need to be formatted into the format sensu uses, which implies a codec.

History: The google group "logstash-users" mentioned a need for this in Nov 2013, but it looks like no one has implemented it yet.

The original thread: https://groups.google.com/forum/#!searchin/logstash-users/sensu/logstash-users/pZkBl7XoTEg/pfCiErPxRI4J

It probably would not need specific codec, if the existing rabbitmq plugin supported customizing the payload.

jaxxstorm commented 9 years ago

Rather than sending the event directly onto the RabbitMQ queue, why not send some JSON to the sensu-client's external results event generator:

http://sensuapp.org/docs/0.15/external_result_input

Akshaykapoor commented 9 years ago

@tuukkamustonen @jaxxstorm Did you guys use sensu to receive events from logstash. If yes, how did you go about it. Can you give me some heads-up. My guess is i will have to use a codec which converts logstash data to sensu-event. If guys can point in the right direction as to how can i achieve it.

Thanks

untergeek commented 8 years ago

We'd love to have this as a contribution. Unfortunately, code for this will not likely be written by the Logstash team, as none of us use Sensu. Adding the "adopt me" tag.