[root@localhost etc]# cat plat_interface_info.conf
input {
file {
type => "234_plat_inter_info_log"
path => ["/opt/log/plat_inter_info.*.log"]
codec=>"json"
}
}
filter {
if [type] == "234_plat_inter_info_log"
{
if [level] == "ERROR"
{
mutate {
add_tag => "email"
}
}
}
}
output {
elasticsearch {
hosts => ["192.168.1.108:9200"]
index => "logstash-%{type}-%{+YYYY.MM.dd}"
document_type => "%{type}"
workers => 1
flush_size => 20000
idle_flush_time => 10
template_overwrite => true
}
if "email" in [tags]
{
email {
port => "25"
address => "smtp.exmail.qq.com"
username => "yeshuai@haochedai.cn"
password => "******"
authentication => "plain"
use_tls => false
from => "yeshuai@haochedai.cn"
subject => "Waring: you have an error on host 192.168.1.234"
to => "1820034099@qq.com, 75069418@qq.com, 1017458803@qq.com, 785129039@qq.com"
via => "smtp"
body => "you hava an error of plat_inter_error! server_ip:192.168.1.234 \n ERROR time: %{@timestamp}+08:00Hours ; \n ERROR message: %{message} ; \n Logger Name: %{logger_name}; \n Level:%{level} ; \n level_value:%{level_value} ; \n Stack_trace : \n %{stack_trace}\n "
}
}打开kibana发现,email标签已经打上,并发送了邮件:
本文出自 “清晰明了” 博客,请务必保留此出处http://duanyexuanmu.blog.51cto.com/1010786/1771664
ELK-json型日志-特殊字段出现ERROR 字段报警配置文件
原文地址:http://duanyexuanmu.blog.51cto.com/1010786/1771664
