<source>  @type tail  path /var/log/apache2/access.log  # Set the location of your log file  <parse>    @type apache2  </parse>  tag apache.access</source>
<match apache.access>  @type grepcounter  count_interval 3  # The time window for counting errors (in secs)  input_key code    # The field to apply the regular expression  regexp ^5\d\d$    # The regular expression to be applied  threshold 1       # The minimum number of erros to trigger an alert  add_tag_prefix error_5xx  # Generate tags like "error_5xx.apache.access"</match>
<match error_5xx.apache.access>  @type copy  <store>    @type stdout  # Print to stdout for debugging  </store>  <store>    @type mail    host smtp.gmail.com        # Change this to your SMTP server host    port 587                   # Normally 25/587/465 are used for submission    user USERNAME              # Use your username to log in    password PASSWORD          # Use your login password    enable_starttls_auto true  # Use this option to enable STARTTLS    from example@gmail.com     # Set the sender address    to alert@example.com       # Set the recipient address    subject 'HTTP SERVER ERROR'    message Total 5xx error count: %s\n\nPlease check your Apache webserver ASAP    message_out_keys count     # Use the "count" field to replace "%s" above  </store></match>

# for init.d users$ sudo /etc/init.d/td-agent restart
# for systemd users$ sudo systemctl restart td-agent