我使用的是logstash 1.4.2,此时此电子邮件提醒工作正常。现在我的系统升级到logstash 1.5.4并且logstash因以下设置较旧而失败:
email {
from => "{{Mailfrom}}"
match => [ "ERROR ALERT", "LOGLEVEL,ERROR" ]
subject => "%{matchName}"
to => "{{Rcptto}}"
via => "smtp"
htmlbody => "<h2>%{matchName}</h2><br/><br/><div
align='center'>%{message}</div>"
options => [
"smtpIporHost", "{{smtpIporHost}}",
"port", "{{smtpPort}}",
"domain", "{{mailDomain}}",
"userName", "{{Mailfrom}}",
"password", "{{MailFromPassword}}",
"authenticationType", "plain",
"starttls", "true"
]
}
现在我收到错误"You are using a deprecated config setting \"match\" set in email. Deprecated settings will continue to work, but are scheduled for removal from logstash in the future. If you have any questions about this, please visit the #logstash channel on freenode irc."
任何人都可以帮助我,因为我应该如何根据1.5.4中的ERROR条件配置它?
提前致谢!
答案 0 :(得分:0)
if ([LOGLEVEL] =~ /ERROR/) {
email {
from => "{{Mailfrom}}"
subject => "ERROR ALERT"
to => "{{Rcptto}}"
via => "smtp"
htmlbody => "<h2>ERROR ALERT</h2><br/><br/><div align='center'>%{message}</div>"
options => [
"smtpIporHost", "{{smtpIporHost}}",
"port", "{{smtpPort}}",
"domain", "{{mailDomain}}",
"userName", "{{Mailfrom}}",
"password", "{{MailFromPassword}}",
"authenticationType", "plain",
"starttls", "true"
]
}
}
根据deprecated documentation of logstash output email,match =>的语法是:
{ "match name", "field.in.event,value.expected, , operand(and/or),field.in.event,value.expected, , or...", "match name", "..." }
在您的示例中,字段为LOGLEVEL,预期值为ERROR。
来自logstash output email的新文档:
此设置已弃用,有利于Logstash的&#34;条件&#34; 功能如果您之前使用此设置,请使用 而是条件。
检查字段LOGLEVEL是否包含ERROR的相应条件:
if ([LOGLEVEL] =~ /ERROR/) { }