ELK-json型日誌-特殊字段出現ERROR 字段報警配置文件

[root@localhost etc]# cat plat_interface_info.conf 
input {
  file {
    type => "234_plat_inter_info_log"
    path => ["/opt/log/plat_inter_info.*.log"]
    codec=>"json"
      }
}
filter {
if [type] == "234_plat_inter_info_log"
     {
         if [level] == "ERROR"
          {
             mutate {
                   add_tag => "email"
                    }
          }
      }
}
output {
    elasticsearch {
        hosts => ["192.168.1.108:9200"]
        index => "logstash-%{type}-%{+YYYY.MM.dd}"
        document_type => "%{type}"
        workers => 1
        flush_size => 20000
        idle_flush_time => 10
        template_overwrite => true
                 }
 if "email" in [tags]
  {
   email {
        port           =>    "25"
        address        =>    "smtp.exmail.qq.com"
        username       =>    "[email protected]"
        password       =>    "******"
        authentication =>    "plain"
        use_tls        =>    false
        from           =>    "[email protected]"
        subject        =>    "Waring: you have an error on host 192.168.1.234"
        to             =>    "[email protected], [email protected], [email protected], [email protected]"
        via            =>    "smtp"
        body           =>    "you hava an error of plat_inter_error!  server_ip:192.168.1.234 \n ERROR time: %{@timestamp}+08:00Hours ; \n ERROR message: %{message} ; \n Logger Name: %{logger_name}; \n Level:%{level} ; \n level_value:%{level_value} ; \n Stack_trace : \n %{stack_trace}\n "
       }
  }

打開kibana發現，email標籤已經打上，併發送了郵件：