logstash tomcat catalina.out 告警

<pre name="code" class="html">[elk@dr-mysql01 tomcat]$ cat logstash_tomcat.conf
input {
        file {
                type => "zj_api"
                path => ["/data01/applog_backup/zjzc_log/zj-api*catalina*"]
        }
    
       file { 
                type => "wj_api" 
                path => ["/data01/applog_backup/winfae_log/wj-api*catalina*"] 
        } 

 
}

 filter {
    multiline {  
   pattern => "^s+%{TIMESTAMP_ISO8601}"
  negate=>true  
  what=>"previous"  
 }  
         mutate {
                       add_field => [ "[@metadata][zabbix_key]" , "logstash-api-access" ]
                       add_field => [ "[@metadata][zabbix_host]" , "dr-mysql01" ]
                }


    }

filter {
    grok {
        match => [ "message","(?m)s*%{TIMESTAMP_ISO8601:time}s+(?<Level>(S+)).*"]
     }
     date {
        match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
    }
}

output {
         if ([Level]  == "ERROR" or [message] =~ "Exception" ) and [message] !~ "温金服务未连接" {
          zabbix {
		zabbix_host => "[@metadata][zabbix_host]"
		zabbix_key => "[@metadata][zabbix_key]"
        zabbix_server_host => "192.168.32.55"
        zabbix_server_port => "10051"
		zabbix_value => "message"
        }
       }
     if [type] == "zj_api" { 
        redis {
                host => "192.168.32.67"
                data_type => "list"
                key => "zj_api:redis"
                port=>"6379"
                password => "1234567"
        }
}
      else if [type] == "wj_api"{
       redis { 
                host => "192.168.32.67" 
                data_type => "list" 
                key => "wj_api:redis" 
                port=>"6379" 
                password => "1234567" 
        } 
}
}