Exclude a log line that matches an exclude_line

Zfs · June 9, 2016, 3:39pm

I have a more complex use case for include and exlude lines.

I'd like to log all lines not matched by exclude_lines but also have the ability to over ride an exclude_line.

Example:

exclude_lines: ["^[0-9]\/[0-9]\/[0-9]* [0-9]:[0-9]:[0-9].[0-9] [A-Z]*: \[SPECIAL] special"]

Log Normal lines:
06/04/16 10:22:25.286 INFO: [AAA] XXXX
06/04/16 10:22:25.286 INFO: [BBB] XXXX
06/04/16 10:22:25.286 FINE: [AAAAA] YYYY

But also log this line which would be excluded based on the above exclude line.
["^[0-9]\/[0-9]\/[0-9]* [0-9]:[0-9]:[0-9].[0-9] [A-Z]*: \[SPECIAL] special"] - EXCEPTION: xxxx xxxx xxxxx xxxx

Thanks

ruflin · June 10, 2016, 6:23am

I don't think this is possible right now, but the easiest solution so make your first regexp long so it matches all lines except the one with "EXCEPTION". Potentially things like this can be done with the more advanced filters in 5.0.0: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-filter.html

system · June 30, 2016, 3:40pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Exclude line regex wont work Beats filebeat	5	1062	October 26, 2017
Exclude_lines in filebeat does not work? Beats filebeat	9	825	January 16, 2023
Exclude_lines regex isn't working Beats filebeat	5	2573	January 31, 2018
Exclude file from being processed Beats filebeat	6	3980	November 1, 2018
Exclude_files regex Beats filebeat	4	1635	November 13, 2016

Exclude a log line that matches an exclude_line

Related Topics