add logstash-alert filter and add field stack_trace

build-image/logstash/log-alert.sh

@@ -1,17 +1,17 @@
 #!/bin/bash
 
 # @timestamp serviceName env level message
-if (($#!=5));then
+if (($#!=6));then
-    echo "./log-alert.sh %{@timestamp} %{serviceName} %{env} %{level} %{message}"
+    echo "./log-alert.sh %{@timestamp} %{serviceName} %{env} %{level} %{message} %{stack_trace}"
     exit 1
 fi
 
-if [[ -z $1 || -z $2 || -z $3 || -z $4 || -z $5 ]];then
+if [[ -z $1 || -z $2 || -z $3 || -z $4 || -z $5 || -z $6 ]];then
     echo "one of '%{@timestamp} %{serviceName} %{env} %{level} %{message}' is empty"
     exit 1
 fi
 
-msg="timestamp: $1\nserviceName: $2\nenv: $3\nlevel: $4\nmessage: $5\n"
+msg="timestamp: $1\nserviceName: $2\nenv: $3\nlevel: $4\nmessage: $5\nstack_trace: $6\n"
 #echo -ne $msg
 
 curl -X POST -H "Content-Type: application/json" -d "{\"msg_type\":\"text\",\"content\":{\"text\":\"$msg\"}}" https://open.feishu.cn/open-apis/bot/v2/hook/29dd52e5-70d5-44b0-a443-22ea85382646

dev-upgrade/elastic/logstash-alert.yaml

@@ -35,6 +35,13 @@ data:
       if [message] =~ "Fail to parse JWT due to: Jwt expired at" {
         drop {}
       }
+      if [message] =~ "Unauthorized access" {
+        drop {}  
+      }
+      if [message] =~ "exchange refresh token" {
+        drop {}  
+      } 
+
       mutate {
         split => { "[log][file][path]" => "/" }
         add_field => { "env" => "%{[log][file][path][3]}" }
@@ -51,7 +58,7 @@ data:
       #   codec => "json_lines"
       # }
       exec {
-        command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}'"
+        command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '%{stack_trace}'"
       }
     }
   logstash.yml: |-