ELK-json型日志-特殊字段出现ERROR 字段报警配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# cat plat_interface_info.conf
input {
file {
type => "234_plat_inter_info_log"
path => ["/opt/log/plat_inter_info.*.log"]
codec=>"json"
}
}
filter {
if == "234_plat_inter_info_log"
{
if == "ERROR"
{
mutate {
add_tag => "email"
}
}
}
}
output {
elasticsearch {
hosts => ["192.168.1.108:9200"]
index => "logstash-%{type}-%{+YYYY.MM.dd}"
document_type => "%{type}"
workers => 1
flush_size => 20000
idle_flush_time => 10
template_overwrite => true
}
if "email" in
{
email {
port => "25"
address => "smtp.exmail.qq.com"
username => "yeshuai@haochedai.cn"
password => "******"
authentication => "plain"
use_tls => false
from => "yeshuai@haochedai.cn"
subject => "Waring: you have an error on host 192.168.1.234"
to => "1820034099@qq.com, 75069418@qq.com, 1017458803@qq.com, 785129039@qq.com"
via => "smtp"
body => "you hava an error of plat_inter_error!server_ip:192.168.1.234 \n ERROR time: %{@timestamp}+08:00Hours ; \n ERROR message: %{message} ; \n Logger Name: %{logger_name}; \n Level:%{level} ; \n level_value:%{level_value} ; \n Stack_trace : \n %{stack_trace}\n "
}
}
打开kibana发现,email标签已经打上,并发送了邮件:
页:
[1]