add logstash alert field [stack_trace]

2024-02-29 14:25:49 +08:00 · 2024-02-29 14:25:49 +08:00 · 258f879a76
parent 78d1ff3f14
commit 258f879a76
2 changed files with 30 additions and 20 deletions
--- a/build-image/logstash/log-alert.sh
+++ b/build-image/logstash/log-alert.sh
@ -1,17 +1,17 @@
 #!/bin/bash

 # @timestamp serviceName env level message
-if (($#!=5));then
-    echo "./log-alert.sh %{@timestamp} %{serviceName} %{env} %{level} %{message}"
+if (($#!=6));then
+    echo "./log-alert.sh %{@timestamp} %{serviceName} %{env} %{level} %{message} %{stack_trace}"
    exit 1
 fi

-if [[ -z $1 || -z $2 || -z $3 || -z $4 || -z $5 ]];then
-    echo "one of '%{@timestamp} %{serviceName} %{env} %{level} %{message}' is empty"
+if [[ -z $1 || -z $2 || -z $3 || -z $4 || -z $5 || -z $6 ]];then
+    echo "one of '%{@timestamp} %{serviceName} %{env} %{level} %{message} %{stack_trace}' is empty"
    exit 1
 fi

-msg="timestamp: $1\nserviceName: $2\nenv: $3\nlevel: $4\nmessage: $5\n"
+msg="timestamp: $1\nserviceName: $2\nenv: $3\nlevel: $4\nmessage: $5\nstack_trace: $6\n"
 #echo -ne $msg

 curl -X POST -H "Content-Type: application/json" -d "{\"msg_type\":\"text\",\"content\":{\"text\":\"$msg\"}}" https://open.feishu.cn/open-apis/bot/v2/hook/29dd52e5-70d5-44b0-a443-22ea85382646
--- a/dev-upgrade/elastic/logstash-alert.yaml
+++ b/dev-upgrade/elastic/logstash-alert.yaml
@ -48,21 +48,37 @@ data:
      mutate {
        join => { "[log][file][path]" => "/" }
      }
+      if [stack_trace] {
+       mutate {
+          gsub => [
+            "stack_trace", "\t", "_"
+          ]
+        }
+        mutate {
+          split => { "stack_trace" => "_" }
+          add_field => { "stackFirst" => "%{[stack_trace][0]}" }
+        }
+      }
    }

    output {
-      # stdout { codec => json_lines }
-      # file {
-      #   path => "1.json"
-      #   codec => "json_lines"
+      #stdout { codec => json }
+      # if [stack_trace] {
+      #   file {
+      #     path => "1.json"
+      #     codec => "json_lines"
+      #   }
      # }
-      exec {
-        command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}'"
+      if [stack_trace] {
+        exec {
+          command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '%{stackFirst}' "
+        }
+      } else {
+        exec {
+          command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '-' "
+        }
      }
    }
-  logstash.yml: |-
-    http.host: "0.0.0.0"
-    xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]

 ---
 apiVersion: apps/v1
@ -101,10 +117,6 @@ spec:
              mountPath: /usr/share/logstash/pipeline/logstash.conf
              subPath: logstash.conf
              readOnly: true
-            - name: config
-              mountPath: /usr/share/logstash/config/logstash.yml
-              subPath: logstash.yml
-              readOnly: true
      volumes:
        - name: config
          configMap:
@ -112,8 +124,6 @@ spec:
            items:
              - key: logstash.conf
                path: logstash.conf
-              - key: logstash.yml
-                path: logstash.yml

 ---
 apiVersion: v1