From 78d1ff3f1434c484cdd1142843e07d0b437d75d9 Mon Sep 17 00:00:00 2001
From: ycz008 <yangchengzi@seethingx.com>
Date: Wed, 28 Feb 2024 21:22:34 +0800
Subject: [PATCH] recover logstash alert field

---
 dev-upgrade/elastic/logstash-alert.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dev-upgrade/elastic/logstash-alert.yaml b/dev-upgrade/elastic/logstash-alert.yaml
index 222ade6..da060ae 100644
--- a/dev-upgrade/elastic/logstash-alert.yaml
+++ b/dev-upgrade/elastic/logstash-alert.yaml
@@ -38,8 +38,9 @@ data:
       if [message] =~ "Unauthorized access" {
         drop {}  
       }
-      
-
+      if [message] =~ "exchange refresh token" {
+        drop {}  
+      }
       mutate {
         split => { "[log][file][path]" => "/" }
         add_field => { "env" => "%{[log][file][path][3]}" }