Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Logstash - OpsGenie Integration

Keorapetse Naane
Keorapetse Naane March 11, 2019

Hi all

I have configured logstash-opsgenie integration as per documentation at : https://docs.opsgenie.com/docs/logstash-integration

after restarting logstash, I get the below 


[2019-03-11T11:18:57,780][WARN ][logstash.outputs.opsgenie] No opsgenie action defined
[2019-03-11T11:18:57,780][INFO ][logstash.outputs.opsgenie] processing 2019-03-11T11:17:28.262Z host1 %{message}
[2019-03-11T11:18:57,780][WARN ][logstash.outputs.opsgenie] No opsgenie action defined
[2019-03-11T11:18:57,780][INFO ][logstash.outputs.opsgenie] processing 2019-03-11T11:17:16.941Z host1 %{message}

This is my alert config under filter plugin 

 

if [message] =~ /.*InfluxDB.*/ {
mutate{
  add_field => {
     "opsgenieAction" => "create"
     "alias" => "influxDB"
     "description" => "influx error messages"
     "tags" => "influxdb"
}
}
}

And the output :


output {
opsgenie {
"apiKey" => "logstash_integration_api_key"
}
}


replaced logstash_integration_api_key with opsgenie key 

Am i missing something? 


I thought this(below) is defining an action, to create the alert.

add_field => {
     "opsgenieAction" => "create"
Please advise. 

Answer
Watch
Like Be the first to like this
2025 views

2 answers

1 accepted

1 vote
Answer accepted
Keorapetse Naane
Keorapetse Naane March 13, 2019

So I filtered on the logstash side, i put an if condition on the output.

 

I tag all alerts and filter with that tag on the output. Works great.

 

 

We are still on a free version so the number of requests to the api are limited.

 

I will consider filtering on opsgenie once we purchase one of the paid plans.

Reply
0 votes
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 11, 2019

Hi @Keorapetse Naane  - my first instinct would be that it is not matching the filter you have set:

if [message] =~ /.*InfluxDB.*/

 

so that's why it's not finding any action. Can you confirm whether this is the case or not?

View More Comments
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 11, 2019

if you remove the filter, so it will match everything, do you run into the same error?

Like
Keorapetse Naane
Keorapetse Naane March 12, 2019

Hi

 

Thanks for the prompt response, when i remove the filter it tries to send all log events to ops genie.

 

I will try to put an if statement(based on a tag) on the opsgenie output,  and tag the events i want sent to opsgenie.

 

I will let you know if it works.

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 12, 2019

You can filter on the Opsgenie side. In the advanced view of the integration. You can add filters in the "Create Alert" actions, so you can configure it to only create Opsgenie alerts when the filter is met.

 

This way you can have everything sent from Logstash to Opsgenie, and have the filtering occur on the Opsgenie side. Hopefully this helps.

Like
Keorapetse Naane
Keorapetse Naane March 13, 2019

It was throwing the error because it was trying to push all the log events to opsgenie. 

The filter(if event contains tag "opsgenie) i put in place on the logstash output plugin prevented that, only log events that are supposed to alert where pushed to opsgenie output instead. 

That is how I resolved the issue. 

Like
Samir
Samir
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 13, 2019

Great! Glad you got it resolved @Keorapetse Naane 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
TAGS
AUG Leaders

Atlassian Community Events

    See all events