I found a similar issue to what I am dealing with and tried the filters solution but still not able to start Metricbeat successfully. I reviewed Processors drop_event - no worky and tried to use both filter and processors but neither worked. Like the previous user, I am also trying to exclude all but a few of the mount_points for inclusion in filesystem metrics. I am unable to include the full config but this is everything except the output config:
#========================== Modules configuration ============================
metricbeat.modules:
#------------------------------- System Module -------------------------------
- module: system
metricsets:
# CPU stats
- cpu
# System Load stats
- load
# Per filesystem stats
- filesystem
# Per process stats
- process
enabled: true
period: 30s
processes: ['.*']
filters:
- drop_event:
when:
- regexp:
mount_point: '^/(sys|cgroup|proc|dev)'
processors:
- drop_fields:
fields: ['metricset.rtt']
One difference from referenced topic is i also include the 'processors:' section immediately below the 'filters' section. Is this a problem?
I noticed the author of the topic above also has the following two lines at the end. What are the function of these and is this what I am missing?
- regexp:
device_name: '^10.69.69'
- equals:
device_name: sunrpc
Thanks in advance,
RHerring