Email alert with Logstash


I have configured the ELK stack (Logstash, Elasticsearch, and Kibana) and have the custom log file below.

    05/august/2015:16:55:10 : www.****.com : statuscode = 200 : time in seconds load = 0.734
    05/august/2015:16:55:11 : ****.my : statuscode = 403 : time in seconds load = 0.340
    05/august/2015:17:00:01 : www. ****.mx : statuscode = 200 : time in seconds load = 2.282
    05/august/2015:17:00:03 : www. ****.my : statuscode = 200 : time in seconds load = 2.663
    05/august/2015:17:00:06 : www. ****.co.id : statuscode = 200 : time in seconds load = 1.455
    05/august/2015:17:00:08 : ****. ****.my : statuscode = 200 : time in seconds load = 1.684

I have configured the log successfully in Logstash, and it is displaying in Kibana. I want to configure an email alert if any of the above websites in the logs shows a 504 or 403 status code more than 5 times continuously. I know I need to add a filter matching the pattern of the log file. As it is a custom log, I'm unable to do it.

The best way is to write your own script; I did it in Python.

The following is needed:

  • The script is scheduled and searches inside Elasticsearch for the result.
  • Once a result is found, trigger a reaction.
  • If you have a monitoring system, you can send the trigger to that system to have 1 centralized interface.
  • If you want an email, you can use Python to send an email with the result, including the number of errors found, the server name, and other information to debug the problem.
  • If you run the script every 10 minutes, it should search the Elasticsearch database for events in the past 10 minutes; if you run it once an hour, it should search the data from the past hour.
  • You can use cron for scheduling the script, but you need to find a way to monitor it in case of failing; I use Rundeck, which sends me an email if 1 of the jobs fails.

I know this might seem complex, but if you are using Logstash as infrastructure it is worth writing the script, and it is easy to adjust to different searches once written.

Another option might be to wait for the Watcher plugin from Elastic; they post on their site that they are planning to add a GUI interface once the official GA release is out. I don't know when that will happen, but it might be a better solution, though more limited than working with Python.
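
The check the answer describes, as an added example that is not part of the original post: it parses the question's custom log format, reports any host with more than 5 consecutive 403/504 responses, and builds the alert email. It assumes the events for the scheduled window have already been fetched from Elasticsearch; the sample lines, hostnames and function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Page's custom format: "<timestamp> : <host> : statuscode = <n> : time in seconds load = <f>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) : (?P<host>.+?) : statuscode = (?P<status>\d{3})"
    r" : time in seconds load = (?P<load>\d+(?:\.\d+)?)$"
)
ALERT_CODES = {403, 504}
THRESHOLD = 5  # alert when a host shows MORE than 5 alert codes in a row


def parse_line(line):
    """Return (timestamp, host, status), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Assumption: stray spaces inside the host (as in the page's sample) are noise.
    return m["ts"], m["host"].replace(" ", ""), int(m["status"])


def find_streaks(lines, threshold=THRESHOLD):
    """Map host -> longest run of consecutive 403/504 responses above threshold."""
    current, worst = {}, {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scheduled run
        _, host, status = parsed
        current[host] = current.get(host, 0) + 1 if status in ALERT_CODES else 0
        if current[host] > threshold:
            worst[host] = max(worst.get(host, 0), current[host])
    return worst


def build_alert(streaks, sender, recipient):
    """Build (not send) the mail; deliver it with smtplib.SMTP(...).send_message(msg)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Only a count goes into the header; log-derived hostnames stay in the body.
    msg["Subject"] = f"{len(streaks)} site(s) returning 403/504 repeatedly"
    msg.set_content("\n".join(f"{h}: {n} consecutive errors" for h, n in sorted(streaks.items())))
    return msg


# Constructed sample input in the page's log format (hostnames are placeholders).
SAMPLE = [f"05/august/2015:17:0{i}:00 : www.example.my : statuscode = 403"
          " : time in seconds load = 0.340" for i in range(6)]
SAMPLE.insert(3, "05/august/2015:17:02:30 : www.example.mx : statuscode = 200 : time in seconds load = 2.282")
```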

