OKR/dev-upgrade/elastic/logstash-alert.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config-alert
data:
  logstash.conf: |-
    input {
      kafka{
        bootstrap_servers => "10.2.0.12:30002,10.2.0.12:30003,10.2.0.12:30004"
        topics => ["beaconfire-logback-prod"]
        group_id => "logstash-app-alert"
        auto_offset_reset => "latest"
        codec => json
      }
    }

    filter {
      if [tags][json] {
        json {
          source => "message"
        }
      }
      if [level] == "TRACE" {
        drop {}
      }
      if [level] == "DEBUG" {
        drop {}
      }
      if [level] == "INFO" {
        drop {}
      }
      if [level] == "WARN" {
        drop {}
      }
      if [message] =~ "Fail to parse JWT due to: Jwt expired at" {
        drop {}
      }
      if [message] =~ "Unauthorized access" {
        drop {}  
      }
      if [message] =~ "exchange refresh token" {
        drop {}  
      }
      if [message] =~ "No sess token provided" {
        drop {}  
      }
      if [message] =~ "Servlet.service" {
        drop {}  
      }
      if [message] =~ "no data hit with the given appCode" {
        drop {}  
      }
      mutate {
        split => { "[log][file][path]" => "/" }
        add_field => { "env" => "%{[log][file][path][3]}" }
      }
      mutate {
        join => { "[log][file][path]" => "/" }
      }
      mutate {
          gsub => [
            "message", "\n", " "
          ]
      } 
      if [stack_trace] {
       mutate {
          gsub => [
            "stack_trace", "\n", "_"
          ]
        }
        mutate {
          split => { "stack_trace" => "_" }
          add_field => { "stackFirst" => "%{[stack_trace][0]}" }
        }
      }
    }

    output {
      #stdout { codec => json }
      # if [stack_trace] {
      #   file {
      #     path => "1.json"
      #     codec => "json_lines"
      #   }
      # }
      if [stack_trace] {
        exec {
          command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '%{stackFirst}' "
        }
      } else {
        exec {
          command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '-' "
        }
      }
    }
  logstash.yml: |-
    http.host: "0.0.0.0"
    xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: logstash-alert
  labels:
    app: logstash-alert
spec:
  replicas: 1
  selector:
    matchLabels:
      app: logstash-alert
  template:
    metadata:
      labels:
        app: logstash-alert
    spec:
      imagePullSecrets:
        - name: deploy-regcred
      containers:
        - name: logstash-alert
          image: beaconfireiic/logstash:7.16.3
          imagePullPolicy: Always
          ports:
            - containerPort: 5044
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 1
              memory: 1Gi
          volumeMounts:
            - name: config
              mountPath: /usr/share/logstash/pipeline/logstash.conf
              subPath: logstash.conf
              readOnly: true
            - name: config
              mountPath: /usr/share/logstash/config/logstash.yml
              subPath: logstash.yml
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: logstash-config-alert
            items:
              - key: logstash.conf
                path: logstash.conf
              - key: logstash.yml
                path: logstash.yml

---
apiVersion: v1
kind: Service
metadata:
  name: logstash-alert
  labels:
    app: logstash-alert
spec:
  ports:
    - port: 5044
      targetPort: 5044
  selector:
    app: logstash-alert
  type: ClusterIP
add logstash alert 2024-02-26 14:45:35 +08:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
add logstash alert imgpull 2024-02-26 15:06:26 +08:00			`name: logstash-config-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`data:`
			`logstash.conf: \|-`
			`input {`
			`kafka{`
			`bootstrap_servers => "10.2.0.12:30002,10.2.0.12:30003,10.2.0.12:30004"`
			`topics => ["beaconfire-logback-prod"]`
add logstash config rename 2024-02-26 16:00:48 +08:00			`group_id => "logstash-app-alert"`
add logstash alert 2024-02-26 14:45:35 +08:00			`auto_offset_reset => "latest"`
			`codec => json`
			`}`
			`}`

			`filter {`
			`if [tags][json] {`
			`json {`
			`source => "message"`
			`}`
			`}`
			`if [level] == "TRACE" {`
			`drop {}`
			`}`
			`if [level] == "DEBUG" {`
			`drop {}`
			`}`
			`if [level] == "INFO" {`
			`drop {}`
			`}`
			`if [level] == "WARN" {`
			`drop {}`
			`}`
			`if [message] =~ "Fail to parse JWT due to: Jwt expired at" {`
			`drop {}`
			`}`
add logstash-alert filter and add field stack_trace 2024-02-28 14:38:34 +08:00			`if [message] =~ "Unauthorized access" {`
			`drop {}`
			`}`
recover logstash alert field 2024-02-28 21:22:34 +08:00			`if [message] =~ "exchange refresh token" {`
			`drop {}`
			`}`
logstal filter field drop 2024-03-01 14:35:39 +08:00			`if [message] =~ "No sess token provided" {`
			`drop {}`
			`}`
remove servlet service 2024-03-01 16:31:16 +08:00			`if [message] =~ "Servlet.service" {`
			`drop {}`
			`}`
add logstash alert field [stack_trace] 2024-03-01 17:01:40 +08:00			`if [message] =~ "no data hit with the given appCode" {`
			`drop {}`
			`}`
add logstash alert 2024-02-26 14:45:35 +08:00			`mutate {`
			`split => { "[log][file][path]" => "/" }`
			`add_field => { "env" => "%{[log][file][path][3]}" }`
			`}`
			`mutate {`
			`join => { "[log][file][path]" => "/" }`
			`}`
logstash message \n\t " " 2024-03-05 16:30:00 +08:00			`mutate {`
			`gsub => [`
logstash message \n " " 2024-03-05 16:48:34 +08:00			`"message", "\n", " "`
logstash message \n\t " " 2024-03-05 16:30:00 +08:00			`]`
			`}`
add logstash alert field [stack_trace] 2024-02-29 14:25:49 +08:00			`if [stack_trace] {`
			`mutate {`
			`gsub => [`
replace \t to \n 2024-02-29 17:45:13 +08:00			`"stack_trace", "\n", "_"`
add logstash alert field [stack_trace] 2024-02-29 14:25:49 +08:00			`]`
			`}`
			`mutate {`
			`split => { "stack_trace" => "_" }`
			`add_field => { "stackFirst" => "%{[stack_trace][0]}" }`
			`}`
			`}`
add logstash alert 2024-02-26 14:45:35 +08:00			`}`

			`output {`
add logstash alert field [stack_trace] 2024-02-29 14:25:49 +08:00			`#stdout { codec => json }`
			`# if [stack_trace] {`
			`# file {`
			`# path => "1.json"`
			`# codec => "json_lines"`
			`# }`
add logstash alert 2024-02-26 14:45:35 +08:00			`# }`
add logstash alert field [stack_trace] 2024-02-29 14:25:49 +08:00			`if [stack_trace] {`
			`exec {`
			`command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '%{stackFirst}' "`
			`}`
			`} else {`
			`exec {`
			`command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '-' "`
			`}`
add logstash alert 2024-02-26 14:45:35 +08:00			`}`
			`}`
add logstash alert field [stack_trace] 2024-02-29 14:33:59 +08:00			`logstash.yml: \|-`
			`http.host: "0.0.0.0"`
			`xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]`
add logstash alert 2024-02-26 14:45:35 +08:00
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`name: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`labels:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`app: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`app: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`template:`
			`metadata:`
			`labels:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`app: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`spec:`
add logstash alert imgpull 2024-02-26 15:06:26 +08:00			`imagePullSecrets:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`- name: deploy-regcred`
add logstash alert 2024-02-26 14:45:35 +08:00			`containers:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`- name: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`image: beaconfireiic/logstash:7.16.3`
add logstash imagepullpolicy 2024-02-26 16:25:42 +08:00			`imagePullPolicy: Always`
add logstash alert 2024-02-26 14:45:35 +08:00			`ports:`
			`- containerPort: 5044`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 128Mi`
			`limits:`
			`cpu: 1`
			`memory: 1Gi`
			`volumeMounts:`
			`- name: config`
			`mountPath: /usr/share/logstash/pipeline/logstash.conf`
			`subPath: logstash.conf`
			`readOnly: true`
add logstash alert field [stack_trace] 2024-02-29 14:33:59 +08:00			`- name: config`
			`mountPath: /usr/share/logstash/config/logstash.yml`
			`subPath: logstash.yml`
			`readOnly: true`
add logstash alert 2024-02-26 14:45:35 +08:00			`volumes:`
			`- name: config`
			`configMap:`
add logstash config rename 2024-02-26 15:39:36 +08:00			`name: logstash-config-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`items:`
			`- key: logstash.conf`
			`path: logstash.conf`
add logstash alert field [stack_trace] 2024-02-29 14:33:59 +08:00			`- key: logstash.yml`
			`path: logstash.yml`
add logstash alert 2024-02-26 14:45:35 +08:00
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`name: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`labels:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`app: logstash-alert`
add logstash alert 2024-02-26 14:45:35 +08:00			`spec:`
			`ports:`
			`- port: 5044`
			`targetPort: 5044`
			`selector:`
add logstash alert imgpull 2024-02-26 15:34:17 +08:00			`app: logstash-alert`
logstal filter field drop 2024-03-01 14:35:39 +08:00			`type: ClusterIP`