Are processors applied to the filebeat application logs?

Dragan_Bosnjak · January 23, 2024, 7:57am

I am trying to filter out some filebeat logs with drop_event processor, but it doesn't seem to work. This is the event:

{
"log.level":"warn",
"@timestamp":"2024-01-01T12:11:22.333Z",
"log.logger":"file_watcher",
"log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.(*fileWatcher).watch","file.name":"filestream/fswatch.go","file.line":205},
"message":"file \"/var/log/example.log\" has no content yet, skipping",
"service.name":"filebeat",
"ecs.version":"1.6.0"}

and i'm trying to drop it like this:

processors:
 - drop_event:
     when:
       equals:
         service.name: "filebeat"

Is my configuration syntax incorrect? Are processors even appliend to internal logs?

yago82 · January 23, 2024, 8:30am

Hi,

processors might not be applied to internal logs. If you want to reduce the verbosity of Filebeat's internal logging, you can adjust the logging level in the Filebeat configuration. For example, you can set logging.level: error to only log error messages.

Regards

system · February 20, 2024, 10:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.