Error initializing processors

BeerRider · September 7, 2017, 5:03am

Yes, sure. Only 2 spaces in front of "when". Not working.

processors:
- drop_event:
  when.regexp.message: 'MicrosoftExchange.+@kirmarket\.ru'

In other parts of config file 2-spaced indentations works fine.

filebeat.prospectors:
  - input_type: log
    document_type: exchange
    paths:
      - d:\Program Files\Exchange Server 2013\TransportRoles\Logs\MessageTracking\MSGTRK2*.LOG
    ignore_older: 336h
    exclude_lines: ['MicrosoftExchange.+@kirmarket\.ru','HealthMailbox.+@kirmarket\.ru','postmaster@kirmarket\.ru']
    close_inactive: 2h

processors:
- drop_event:
  when.regexp.message: 'MicrosoftExchange.+@kirmarket\.ru'

output:
  logstash:
    hosts: ["logs:5044"]

Also, filebeat version is filebeat-5.5.0-windows-x86_64

Topic		Replies	Views
Filebeat processors not working as expected Beats filebeat	4	6201	July 13, 2018
Indentation error on filebeat conf Beats filebeat	5	467	July 22, 2022
Drop Processors on .yml file Beats filebeat	7	396	August 4, 2022
Processor not working in filebeat Beats filebeat	5	695	May 30, 2019
Filebeat 5.2 processor doesn't work Beats filebeat	3	432	November 8, 2018

Error initializing processors

Related topics