zabbix

Milestone: 2

This is a community-contributed plugin! It does not ship with logstash by default, but it is easy to install! To use this, you must have installed the contrib plugins package.

The zabbix output is used for sending item data to zabbix via the zabbix_sender executable.

For this output to work, your event must have the following fields:

“zabbix_host” (the host configured in Zabbix)
“zabbix_item” (the item key on the host in Zabbix)
“send_field” (the field name that is sending to Zabbix)

In Zabbix, create your host with the same name (no spaces in the name of the host supported) and create your item with the specified key as a Zabbix Trapper item. Also you need to set field that will be send to zabbix as item.value, otherwise @message wiil be sent.

The easiest way to use this output is with the grep filter. Presumably, you only want certain events matching a given pattern to send events to zabbix, so use grep or grok to match and also to add the required fields.

 filter {
   grep {
     type => "linux-syslog"
     match => [ "@message", "(error|ERROR|CRITICAL)" ]
     add_tag => [ "zabbix-sender" ]
     add_field => [
       "zabbix_host", "%{source_host}",
       "zabbix_item", "item.key"
       "send_field", "field_name"
     ]
  }
   grok {
     match => [ "message", "%{SYSLOGBASE} %{DATA:data}" ]
     add_tag => [ "zabbix-sender" ]
     add_field => [
       "zabbix_host", "%{source_host}",
       "zabbix_item", "item.key",
       "send_field", "data"
     ]
  }
}

output {
  zabbix {
    # only process events with this tag
    tags => "zabbix-sender"

    # specify the hostname or ip of your zabbix server
    # (defaults to localhost)
    host => "localhost"

    # specify the port to connect to (default 10051)
    port => "10051"

    # specify the path to zabbix_sender
    # (defaults to "/usr/local/bin/zabbix_sender")
    zabbix_sender => "/usr/local/bin/zabbix_sender"
  }
}

Synopsis

This is what it might look like in your config file:

output {
  zabbix {
    codec => ... # codec (optional), default: "plain"
    host => ... # string (optional), default: "localhost"
    port => ... # number (optional), default: 10051
    workers => ... # number (optional), default: 1
    zabbix_sender => ... # a valid filesystem path (optional), default: "/usr/local/bin/zabbix_sender"
  }
}

Details

codec

Value type is codec
Default value is "plain"

The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.

exclude_tags DEPRECATED

DEPRECATED WARNING: This config item is deprecated. It may be removed in a further version.
Value type is array
Default value is []

Only handle events without any of these tags. Note this check is additional to type and tags.

host

Value type is string
Default value is "localhost"

port

Value type is number
Default value is 10051

tags DEPRECATED

DEPRECATED WARNING: This config item is deprecated. It may be removed in a further version.
Value type is array
Default value is []

Only handle events with all of these tags. Note that if you specify a type, the event must also match that type. Optional.

type DEPRECATED

DEPRECATED WARNING: This config item is deprecated. It may be removed in a further version.
Value type is string
Default value is ""

The type to act on. If a type is given, then this output will only act on messages with the same type. See any input plugin’s “type” attribute for more. Optional.

workers

Value type is number
Default value is 1

The number of workers to use for this output. Note that this setting may not be useful for all outputs.

zabbix_sender

Value type is path
Default value is "/usr/local/bin/zabbix_sender"

This is documentation from lib/logstash/outputs/zabbix.rb