How to send certain fields of the event to email while using grep?

13 views
Skip to first unread message

Tirtha Ghosh

unread,
Jan 21, 2017, 1:46:04 AM1/21/17
to Fluentd Google Group
<source>
    @type forward
    port 24224
</source>
<match fluentd.logs.**>
    @type copy
    <store>
        @type elasticsearch
        host localhost
        port 9200
        index_name fluentd
        type_name fluentd
    </store>
    <store>
        @type grepcounter
        count_interval 3
        input_key response_code
        regexp ^5\d\d$
        threshold 1
        add_tag_prefix error_5xx
    </store>
</match>
<match error_5xx.fluentd.logs.**>
# The event that comes here looks like
#{
#  "count":1,
#  "input_tag":"error_5xx.apache.access",
#  "input_tag_last":"access",
#  "message":[500]
#}

    @type copy

    <store>
        @type stdout
    </store>

    <store>
        @type mail
        host smtp.gmail.com #This is for Gmail and Google Apps. Any SMTP server should work
        port 587 #This is the port for smtp.gmail.com
        user tirtha...@gmail.com
        password **************
        enable_starttls_auto true
        from tirtha...@gmail.com
        to tirtha...@gmail.com
        subject '[URGENT] NODE APP 5XX ERROR'
        message Total 5xx error count: %s\n\nPlease check your nodeapp ASAP
        message_out_keys count #The value of 'count' will be substituted into %s above.
    </store>
</match>

my event is like: 
{
                        time: moment().format(),
body: req.body || {},
query: req.query,
path: req.path,
method: req.method,
response_code: <the response code>,
bytes: <no_of_bytes>,
response_time: <response_time>
}

How do I send the 'method','path', 'time', in the email body?

Mr. Fiber

unread,
Jan 21, 2017, 5:28:29 PM1/21/17
to Fluentd Google Group
Hi,

grep plugin instead of grepcounter is not fit for your case?
Your threshould is 1 so grep plugin seems enough.

If you want to use grepcounter, sending a patch to grepcounter
to add new feature which assign more field to the result is one case.


Masahiro

--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages