Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- input {
- file {
- type => "app"
- path => "/var/log/app.log"
- codec => multiline {
- pattern => "^%{TIMESTAMP_ISO8601}.*"
- negate => "true"
- what => "previous"
- }
- }
- }
- filter {
- #If log line contains tab character followed by 'at' then we will tag that entry as stacktrace
- if [message] =~ "\tat" {
- grok {
- match => ["message", "^(\tat)"]
- add_tag => ["stacktrace"]
- }
- }
- #Grokking Spring Boot's default log format
- grok {
- match => ["message", "^%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}%{NUMBER:pid}%{SPACE}---%{SPACE}%{SYSLOG5424SD:threadname}%{SPACE}(?<class>(?:[\.]?[a-zA-Z0-9-]+\.)*[A-Za-z0-9$]+)%{SPACE}:%{SPACE}%{GREEDYDATA:logmessage}$"]
- }
- if "stacktrace" not in [tags] and [loglevel] != "ERROR" {
- drop {}
- }
- #Parsing out timestamps which are in timestamp field thanks to previous grok section
- date {
- match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
- }
- }
- output {
- email {
- username => "noreply@domain.com"
- password => "noreply-user"
- address => "domain.com"
- port => 587
- to => "your-failure-inbox@mail.com"
- from => "noreply@domain.com"
- subject => "%{type} reported exception !"
- body => "%{message}"
- }
- }
Add Comment
Please, Sign In to add comment