Are processors applied to the filebeat application logs?

Dragan_Bosnjak · January 23, 2024, 7:57am

I am trying to filter out some filebeat logs with drop_event processor, but it doesn't seem to work. This is the event:

{
"log.level":"warn",
"@timestamp":"2024-01-01T12:11:22.333Z",
"log.logger":"file_watcher",
"log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.(*fileWatcher).watch","file.name":"filestream/fswatch.go","file.line":205},
"message":"file \"/var/log/example.log\" has no content yet, skipping",
"service.name":"filebeat",
"ecs.version":"1.6.0"}

and i'm trying to drop it like this:

processors:
 - drop_event:
     when:
       equals:
         service.name: "filebeat"

Is my configuration syntax incorrect? Are processors even appliend to internal logs?

yago82 · January 23, 2024, 8:30am

Hi,

processors might not be applied to internal logs. If you want to reduce the verbosity of Filebeat's internal logging, you can adjust the logging level in the Filebeat configuration. For example, you can set logging.level: error to only log error messages.

Regards

system · February 20, 2024, 10:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat drop_event Beats filebeat	2	3919	July 5, 2017
Help with Processors in filebeat modules Beats filebeat	9	2766	March 6, 2020
Drop Processors on .yml file Beats filebeat	7	319	August 4, 2022
First level filtering with Filebeat Beats filebeat	3	6755	August 4, 2017
Drop event processor not working on Filebeat Beats filebeat	5	454	August 30, 2023

Are processors applied to the filebeat application logs?

Related Topics