
Integrate Opsgenie with Logstash


What does Opsgenie offer Logstash users?

Logstash sends event information via output plugins. With Opsgenie’s Logstash Integration, Opsgenie acts as a dispatcher for these events: it determines the right people to notify based on on-call schedules, notifies them via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until they are acknowledged or closed.

Functionality of the integration

Depending on the Logstash event:

  • Alert is created in Opsgenie.

  • Designated alert is acknowledged.

  • Note is added to designated alert.

  • Designated alert is closed.

Add Opsgenie Integration in Opsgenie

  1. Go to Opsgenie Logstash Integration page.

Under the Free and Essentials plans, the tabs under the Team dashboard are limited to Main, Integrations, Members, and Activity Stream.

2. Specify who is notified for Logstash alerts using the Teams field. Auto-complete suggestions are provided as you type.

An alternative to Step 1 and Step 2 is to add the integration from the Team Dashboard of the team that will own the integration. To add an integration directly to a team, navigate to the Team Dashboard and open the Integrations tab. Click Add Integration and select the integration that you would like to add.

3. Copy the API Key.

4. Click Save Integration.


Configuration on Logstash

  1. The Logstash Opsgenie Output plugin is available on RubyGems.org. Install the plugin by running:

  • Logstash 5.4+: bin/logstash-plugin install logstash-output-opsgenie

  • Other Versions: bin/plugin install logstash-output-opsgenie

2. Add the following configuration to the configuration file and populate the "apiKey" field with the Logstash Integration API Key.

    output {
      opsgenie {
        "apiKey" => "logstash_integration_api_key"
      }
    }

3. The Opsgenie Output Plugin expects events to contain a field called "opsgenieAction". Opsgenie also expects the data in a certain structure, so some additional fields need to be added to the event. To add fields, use a filter plugin such as Mutate or Grok. For more information about the fields added to events and what they mean, refer to the inline code documentation of the plugin.

If you're using the EU instance of Opsgenie, change the URL to https://api.eu.opsgenie.com for requests to be successful.

An example Mutate filter configuration, enhanced with the Ruby filter plugin, is shown below:

    filter {
      mutate {
        add_field => {
          "opsgenieAction" => "create"
          "alias" => "neo123"
          "description" => "Every alert needs a description"
          "actions" => ["Restart", "AnExampleAction"]
          "tags" => ["OverwriteQuietHours","Critical"]
          "[details][prop1]" => "val1"
          "[details][prop2]" => "val2"
          "entity" => "An example entity"
          "priority" => "P4"
          "source" => "custom source"
          "user" => "custom user"
          "note" => "alert is created"
        }
      }
      ruby {
        code => "event.set('teams', [{'name' => 'Integration'}, {'name' => 'Platform'}])"
      }
    }

4. Run Logstash.

The source for the plugin is available at GitHub
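
The configuration steps above, combined into one pipeline that keeps the integration API key out of the configuration file and hands the plugin only events that carry "opsgenieAction". This is an added example, not part of the original Opsgenie documentation. It assumes Logstash 6.2 or later (for the keystore), a secret stored under the name OPSGENIE_API_KEY (a name chosen here), and constructed event fields [loglevel] and [service].

```logstash
# Added example, not from the Opsgenie documentation.
#
# Assumption: the integration API key was stored once in the Logstash
# keystore under the name OPSGENIE_API_KEY (name chosen for this example):
#   bin/logstash-keystore create
#   bin/logstash-keystore add OPSGENIE_API_KEY
# Logstash resolves ${OPSGENIE_API_KEY} from the keystore (or from an
# environment variable of the same name) when it loads the pipeline, so
# the key never sits in this file or in version control.

filter {
  # Only events that should raise an alert are given an action.
  # [loglevel] and [service] are constructed field names; replace them
  # with fields your own events actually carry.
  if [loglevel] == "ERROR" {
    mutate {
      add_field => {
        "opsgenieAction" => "create"
        "alias"          => "%{service}-error"
        "description"    => "Error reported by %{service}"
        "priority"       => "P4"
        "source"         => "logstash"
      }
    }
  }
}

output {
  # Events without an opsgenieAction field are not passed to the plugin.
  if [opsgenieAction] {
    opsgenie {
      "apiKey" => "${OPSGENIE_API_KEY}"
    }
  }
}
```

Restricting read access on the pipeline file and the keystore to the account that runs Logstash limits who can recover the key.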

 

Last modified on Mar 28, 2021