Integrate Opsgenie with Logstash
What does Opsgenie offer Logstash users?
Logstash sends event information via output plugins. With Opsgenie’s Logstash Integration, Opsgenie acts as a dispatcher for these events, determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed.
Functionality of the integration
According to Logstash events:
Alert is created in Opsgenie.
Designated alert is acknowledged.
Note is added to designated alert.
Designated alert is closed.
Add Opsgenie Integration in Opsgenie
If you're using Opsgenie's Free or Essentials plan or if you’re using Opsgenie with Jira Service Management's Standard plan, you can add this integration from your team dashboard only. The Integrations page under Settings is not available in your plan.
Go to Teams and select your team.
Select Integrations on the left navigation and then select Add integration.
Adding the integration from your team dashboard will make your team the owner of the integration. This means Opsgenie will assign the alerts received through this integration to your team only. Follow the rest of the steps in this section to set up the integration.
Go to Settings > Integrations. Search for Logstash and select Add.
Specify who is notified for Logstash alerts using the Responders field. Auto-complete suggestions are provided as you type.
Copy the API Key.
Select Save Integration.
Configuration on Logstash
Logstash Opsgenie Output plugin is available in Install the plugin by running
Logstash 5.4+:
bin/logstash-plugin install logstash-output-opsgenie
Other Versions:
bin/plugin install logstash-output-opsgenie
2. Add the following configuration to the configuration file and populate "apiKey" field with the Logstash Integration API Key.
output {
opsgenie {
"apiKey" => "logstash_integration_api_key"
3. Opsgenie Output Plugin expects that events contain a field called "opsgenieAction". Also, Opsgenie expects the data in a certain structure, so some additional fields are added to the event. To add fields, use a filter plugin like Mutate, Grok etc. To get more information about the fields added to events and what they mean, please refer to inline code documentation of the plugin.
If you're using the EU instance of Opsgenie, change the URL to for requests to be successful.
An example Mutate filter enhanced with Ruby filter plugin configuration is shown below:
filter {
add_field => {
"opsgenieAction" => "create"
"alias" => "neo123"
"description" => "Every alert needs a description"
"actions" => ["Restart", "AnExampleAction"]
"tags" => ["OverwriteQuietHours","Critical"]
"[details][prop1]"=> "val1"
"[details][prop2]" => "val2"
"entity" => "An example entity"
"priority" => "P4"
"source" => "custom source"
"user" => "custom user"
"note" => "alert is created"
ruby {
code => "event.set('teams', [{'name' => 'Integration'}, {'name' => 'Platform'}])"
4. Run Logstash.
The source for the plugin is available at GitHub.
Was this helpful?