ycz
/
OKR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

recover logstash alert field

main
ycz008 2024-02-28 21:22:34 +08:00
parent d46ac183af
commit 78d1ff3f14
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dev-upgrade/elastic/logstash-alert.yaml
View File

@ -38,8 +38,9 @@ data:
if [message] =~ "Unauthorized access" {
drop {}
}
if [message] =~ "exchange refresh token" {
drop {}
}
mutate {
split => { "[log][file][path]" => "/" }
add_field => { "env" => "%{[log][file][path][3]}" }