Are processors applied to the filebeat application logs?

Dragan_Bosnjak · January 23, 2024, 7:57am

I am trying to filter out some filebeat logs with drop_event processor, but it doesn't seem to work. This is the event:

{
"log.level":"warn",
"@timestamp":"2024-01-01T12:11:22.333Z",
"log.logger":"file_watcher",
"log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.(*fileWatcher).watch","file.name":"filestream/fswatch.go","file.line":205},
"message":"file \"/var/log/example.log\" has no content yet, skipping",
"service.name":"filebeat",
"ecs.version":"1.6.0"}

and i'm trying to drop it like this:

processors:
 - drop_event:
     when:
       equals:
         service.name: "filebeat"

Is my configuration syntax incorrect? Are processors even appliend to internal logs?

yago82 · January 23, 2024, 8:30am

Hi,

processors might not be applied to internal logs. If you want to reduce the verbosity of Filebeat's internal logging, you can adjust the logging level in the Filebeat configuration. For example, you can set logging.level: error to only log error messages.

Regards

system · February 20, 2024, 10:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat drop_event Beats filebeat	2	3922	July 5, 2017
Processor not working Beats filebeat	2	542	October 1, 2019
Help with Processors in filebeat modules Beats filebeat	9	2785	March 6, 2020
Drop Processors on .yml file Beats filebeat	7	321	August 4, 2022
First level filtering with Filebeat Beats filebeat	3	6755	August 4, 2017

Are processors applied to the filebeat application logs?

Related topics