Linux technical support - [email protected]


logstash install notification

filter {
  if  [program] == "yum" {
    grok {
      match => [ "message", "%{WORD:action}: %{GREEDYDATA:application_name}" ]

      add_tag => "linux_install"

      ##comment this line to disable email notification
      add_field => [ "Notification", "yes"]
      ##
    }
  }
}

filter {
  if  [type] == "WindowsLog" {
    grok {
      match => [ "Message", "Installation Successful: Windows successfully installed the following update: %{GREEDYDATA:windows_installed}" ]

      add_tag => "windows_install"

      ##comment this line to disable email notification
      #add_field => [ "Notification", "yes"]
      ##
    }
  }
}

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>