Drop _event when regexp dropping every event - apache2 module

Alaa_Ksontini · November 16, 2018, 2:43pm

Hi everyone,

I wanted to limit the number of documents stored in Elasticsearch. So I configured a processor in my filebeat.yml at the top-level. My input is the apache2 module which is configured fine.

processors:
    - drop_event:
        when:
           regexp:
               apache2.access.url: '\/(tag|track)\?'

I want to drop events where the url looks like this

/tag?something=value...
/track?something=value...

Here is a sample input:

172.31.29.163 - - [16/Nov/2018:13:56:17 +0000] "GET /tag?something=value HTTP/1.1" 200 724 "[referer]"[user-agent]"

Can someone point me to what exactly I'm doing wrong?
Thank you.

system · December 14, 2018, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop event for Apache Module Beats beats-module , filebeat	3	462	December 10, 2020
Help with Processors in filebeat modules Beats filebeat	9	2785	March 6, 2020
Filebeat. How drop events with IIS module? Beats filebeat	3	383	November 16, 2021
Drop events if regex does not match in ElasticSearch Elasticsearch	1	1000	June 30, 2021
Filebeat Processors drop_event Beats filebeat	3	1597	January 6, 2021

Drop _event when regexp dropping every event - apache2 module

Related topics