Drop_event does NOT work

jasony · April 25, 2019, 1:57am

Hello

I am trying to drop event when a specific kv is received. I executed metricbeat with using below yaml lines, but the drop_event never worked as what i expected.

can you please advise what i wrongly configured in the yaml file? a part of my .yaml file is as below.

please advise.

metricbeat.modules:
- module: system
  metricsets:
    - process
  processors:
    - drop_event.when:
    or:
      - equals:
          system.process.username: root
      - equals :
          system.process.username: onmadm

processes: ['.*']
period: 10s

output.kafka:
  version: 0.10.2.1
  enabled: true
  hosts: ["xxx:9092"]
  topic: 'xxx'

FYI,
environment what i am using metricbeat is centos7 and metricbeat-6.7.1 version.

thank you!!

ruflin · April 26, 2019, 9:11am

Any chance you could share the debug log when running the above?

Also it seems the or:indentation above is a bit off?

system · May 24, 2019, 9:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Processors drop_event - no worky Beats metricbeat	8	3487	February 9, 2017
Drop events from metricbeat is not working Beats metricbeat	3	339	September 9, 2021
Drop Events works only for Linux Beats docker , metricbeat	3	353	October 7, 2021
Drop_event on process (metric beat 5.6.2) Beats metricbeat	10	851	November 9, 2017
Drop all system event Beats metricbeat	7	318	November 13, 2020

Drop_event does NOT work

Related Topics