diff --git a/build-image/logstash/log-alert.sh b/build-image/logstash/log-alert.sh
index 384a999..a905b90 100755
--- a/build-image/logstash/log-alert.sh
+++ b/build-image/logstash/log-alert.sh
@@ -1,17 +1,17 @@
 #!/bin/bash
 
 # @timestamp serviceName env level message
-if (($#!=5));then
-    echo "./log-alert.sh %{@timestamp} %{serviceName} %{env} %{level} %{message}"
+if (($#!=6));then
+    echo "./log-alert.sh %{@timestamp} %{serviceName} %{env} %{level} %{message} %{stack_trace}"
     exit 1
 fi
 
-if [[ -z $1 || -z $2 || -z $3 || -z $4 || -z $5 ]];then
-    echo "one of '%{@timestamp} %{serviceName} %{env} %{level} %{message}' is empty"
+if [[ -z $1 || -z $2 || -z $3 || -z $4 || -z $5 || -z $6 ]];then
+    echo "one of '%{@timestamp} %{serviceName} %{env} %{level} %{message} %{stack_trace}' is empty"
     exit 1
 fi
 
-msg="timestamp: $1\nserviceName: $2\nenv: $3\nlevel: $4\nmessage: $5\n"
+msg="timestamp: $1\nserviceName: $2\nenv: $3\nlevel: $4\nmessage: $5\nstack_trace: $6\n"
 #echo -ne $msg
 
 curl -X POST -H "Content-Type: application/json" -d "{\"msg_type\":\"text\",\"content\":{\"text\":\"$msg\"}}" https://open.feishu.cn/open-apis/bot/v2/hook/29dd52e5-70d5-44b0-a443-22ea85382646
\ No newline at end of file
diff --git a/dev-upgrade/elastic/logstash-alert.yaml b/dev-upgrade/elastic/logstash-alert.yaml
index da060ae..249b0ee 100644
--- a/dev-upgrade/elastic/logstash-alert.yaml
+++ b/dev-upgrade/elastic/logstash-alert.yaml
@@ -48,21 +48,37 @@ data:
       mutate {
         join => { "[log][file][path]" => "/" }
       }
+      if [stack_trace] {
+       mutate {
+          gsub => [
+            "stack_trace", "\t", "_"
+          ]
+        }
+        mutate {
+          split => { "stack_trace" => "_" }
+          add_field => { "stackFirst" => "%{[stack_trace][0]}" }
+        }
+      }
     }
 
     output {
-      # stdout { codec => json_lines }
-      # file {
-      #   path => "1.json"
-      #   codec => "json_lines"
+      #stdout { codec => json }
+      # if [stack_trace] {
+      #   file {
+      #     path => "1.json"
+      #     codec => "json_lines"
+      #   }
       # }
-      exec {
-        command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}'"
+      if [stack_trace] {
+        exec {
+          command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '%{stackFirst}' "
+        }
+      } else {
+        exec {
+          command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{message}' '-' "
+        }
       }
     }
-  logstash.yml: |-
-    http.host: "0.0.0.0"
-    xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]
 
 ---
 apiVersion: apps/v1
@@ -101,10 +117,6 @@ spec:
               mountPath: /usr/share/logstash/pipeline/logstash.conf
               subPath: logstash.conf
               readOnly: true
-            - name: config
-              mountPath: /usr/share/logstash/config/logstash.yml
-              subPath: logstash.yml
-              readOnly: true
       volumes:
         - name: config
           configMap:
@@ -112,8 +124,6 @@ spec:
             items:
               - key: logstash.conf
                 path: logstash.conf
-              - key: logstash.yml
-                path: logstash.yml
 
 ---
 apiVersion: v1