diff --git a/dev-upgrade/elastic/logstash-alert.yaml b/dev-upgrade/elastic/logstash-alert.yaml
index 222ade6..da060ae 100644
--- a/dev-upgrade/elastic/logstash-alert.yaml
+++ b/dev-upgrade/elastic/logstash-alert.yaml
@@ -38,8 +38,9 @@ data:
       if [message] =~ "Unauthorized access" {
         drop {}  
       }
-      
-
+      if [message] =~ "exchange refresh token" {
+        drop {}  
+      }
       mutate {
         split => { "[log][file][path]" => "/" }
         add_field => { "env" => "%{[log][file][path][3]}" }