7.4.2 exclude_files not workinig

alces · August 10, 2020, 2:20pm

Hello,
I'm running elk and beats at 7.4.2 and I'm having trouble with the "exclude_files" config:
Following are extractions of my filebeat.yml and my system.yml:

filebeat.yml:

filebeat.inputs:
- type: log
  enabled: false
  paths:
    #/var/log/messages*

---------------------------------
system.yml:

- module: system
  syslog:
    enabled: true
	exclude_files: ['.+\.bz2$']
    var.paths: ["/var/log/messages*"]

My goal is to use only the modules for providing the paths filebeat should process.
I've tried a couple of thing but I can't get this to work. As soon as I copy any logfile to /var/log/messages-narf.bz2 or similar the harvester starts and sends the logfiles to my elk stack.

kvch · August 10, 2020, 2:59pm

Hi,

exclude_files is an input level option, not module level. Thus, you have to specifiy the option under the input namespace.

The correct config is the following:

- module: system
  syslog:
    enabled: true
    var.paths: ["/var/log/messages*"]
    input:
      exclude_files: ['.+\.bz2$']

system · September 7, 2020, 5:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.