7.4.2 exclude_files not workinig

alces · August 10, 2020, 2:20pm

Hello,
I'm running elk and beats at 7.4.2 and I'm having trouble with the "exclude_files" config:
Following are extractions of my filebeat.yml and my system.yml:

filebeat.yml:

filebeat.inputs:
- type: log
  enabled: false
  paths:
    #/var/log/messages*

---------------------------------
system.yml:

- module: system
  syslog:
    enabled: true
	exclude_files: ['.+\.bz2$']
    var.paths: ["/var/log/messages*"]

My goal is to use only the modules for providing the paths filebeat should process.
I've tried a couple of thing but I can't get this to work. As soon as I copy any logfile to /var/log/messages-narf.bz2 or similar the harvester starts and sends the logfiles to my elk stack.

kvch · August 10, 2020, 2:59pm

Hi,

exclude_files is an input level option, not module level. Thus, you have to specifiy the option under the input namespace.

The correct config is the following:

- module: system
  syslog:
    enabled: true
    var.paths: ["/var/log/messages*"]
    input:
      exclude_files: ['.+\.bz2$']

system · September 7, 2020, 5:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Exclude_files doesn't work? Beats filebeat	4	2422	December 29, 2017
Exclude_files param not working Beats filebeat	2	532	May 18, 2022
Filebeat : how to exclude lines Beats filebeat	7	7633	October 5, 2021
Exclude_Files not working in Filebeat Beats filebeat	1	385	July 7, 2021
Unable exclude files Beats filebeat	5	995	May 2, 2019

7.4.2 exclude_files not workinig

Related topics