Commit

start rules for "checkable" logs
helps with #14
widhalmt committed May 10, 2019
1 parent d062559 commit 98db46f
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions filter-50-checkable.conf
@@ -0,0 +1,16 @@
filter {
if [icinga][facility] == "Checkable" {
if [message] =~ /^Notifications are disabled for/ {
grok {
match => ["message","Notifications are disabled for %{WORD:[icinga][objecttype]} '%{DATA:[icinga][object]}'."]
id => "icinga_notificationsdisabled"
add_tag => "icinga_notificationsdisabled"
tag_on_failure => ["_grokparsefailure","icinga_notificationsdisabled_failed"]
add_field => {
"[icinga][eventtype]" => "notificationsdisabled"
}
}
}
}
}
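
Review bot: The grok pattern on the `match` line is unanchored and ends in an unescaped `.`, so the lazy `%{DATA:[icinga][object]}` stops at the first `'` that is followed by any character. An object name that itself contains a single quote would be stored truncated in `[icinga][object]`, and the event would still receive the `icinga_notificationsdisabled` tag and `[icinga][eventtype]` field as if the parse were complete. Suggest anchoring both ends and escaping the final dot, e.g. `^Notifications are disabled for %{WORD:[icinga][objecttype]} '%{DATA:[icinga][object]}'\.$`, which also matches the `^` anchor already used in the surrounding `if [message] =~` conditional. A short comment above the block with one sample log line would document what this rule is expected to match.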
