Logstash Integration

Logstash is a data pipeline that helps you process logs and other event data from a variety of systems. With plugins, Logstash can connect to a variety of sources and stream data at scale to a central analytics system.

What does OpsGenie offer to Logstash users?

Logstash sends event information via output plugins. With the OpsGenie integration, OpsGenie acts as a dispatcher for these events: it determines the right people to notify based on on-call schedules, notifies them using email, text messages (SMS), phone calls and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed.

Functionality of the integration

Based on Logstash events:

  • An alert can be created in OpsGenie.
  • A designated alert can be acknowledged.
  • A note can be added to a designated alert.
  • A designated alert can be closed.

Add Logstash Integration in OpsGenie

  1. Create an OpsGenie account if you haven't done so already.
  2. Go to the OpsGenie Logstash Integration page.
  3. Specify who should be notified for Logstash alerts using the "Teams" field. Auto-complete suggestions will be provided as you type.
  4. Copy the API Key by clicking on the copy button or by selecting it.
  5. Click on "Save Integration".

Configuration on Logstash

  1. The Logstash OpsGenie Output plugin is available on RubyGems.org. Install the plugin by running:
    • Logstash 5.4+: bin/logstash-plugin install logstash-output-opsgenie
    • Other Versions: bin/plugin install logstash-output-opsgenie
  2. Add the following configuration to your configuration file and populate the "apiKey" field with your Logstash Integration API Key.
output {
    opsgenie {
        "apiKey" => "logstash_integration_api_key"
    }
}
  3. The OpsGenie Output plugin expects each event to contain an "opsgenieAction" field. OpsGenie also expects the data in a certain structure, so some additional fields should be added to the event. To add fields, you can use a filter plugin such as Mutate or Grok. For more information about the fields added to events and what they mean, refer to the inline code documentation of the plugin. An example Mutate filter, supplemented by a Ruby filter, is shown below:
filter {
    mutate {
        # Fields the OpsGenie output plugin reads from the event
        add_field => {
            "opsgenieAction" => "create"
            "alias" => "neo123"
            "description" => "Every alert needs a description"
            "actions" => ["Restart", "AnExampleAction"]
            "tags" => ["OverwriteQuietHours","Critical"]
            "[details][prop1]" => "val1"
            "[details][prop2]" => "val2"
            "entity" => "An example entity"
            "priority" => "P4"
            "source" => "custom source"
            "user" => "custom user"
            "note" => "alert is created"
        }
    }
    ruby {
        # Sets "teams" to an array of hashes, one per team name
        code => "event.set('teams', [{'name' => 'Integration'}, {'name' => 'Platform'}])"
    }
}
  4. And run Logstash.
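
An added example, not part of the OpsGenie documentation or the plugin's own code: the same output with the API key resolved from the Logstash keystore (Logstash 6.2+) or an environment variable instead of being written into the pipeline file, and with the output limited to events that carry an "opsgenieAction" field. The key name OPSGENIE_API_KEY and the [loglevel] condition are assumptions chosen for illustration.

```logstash
# One-time setup on the Logstash host. The "add" command prompts for the
# value, so the key does not end up in shell history or in this file:
#   bin/logstash-keystore create
#   bin/logstash-keystore add OPSGENIE_API_KEY

filter {
    # Assumed condition: only ERROR-level events should raise an alert.
    # [loglevel] is a hypothetical field set by an earlier parsing stage.
    if [loglevel] == "ERROR" {
        mutate {
            add_field => {
                "opsgenieAction" => "create"
                "description" => "%{message}"
                "priority" => "P4"
                "source" => "logstash"
            }
        }
    }
}

output {
    # Events without the action field never reach the OpsGenie output.
    if [opsgenieAction] {
        opsgenie {
            # Weak:   "apiKey" => "logstash_integration_api_key"
            #         (literal key readable by anyone who can read the file
            #          or the repository it is stored in)
            # Better: placeholder resolved at startup, keystore first,
            #         then an environment variable of the same name.
            "apiKey" => "${OPSGENIE_API_KEY}"
        }
    }
}
```

If the placeholder cannot be resolved from either source, Logstash refuses to start the pipeline, which surfaces a missing key at deploy time rather than as silently dropped alerts.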

The source for the plugin is available at GitHub
