Exclude a log line that matches an exclude_line

Zfs · June 9, 2016, 3:39pm

I have a more complex use case for include and exlude lines.

I'd like to log all lines not matched by exclude_lines but also have the ability to over ride an exclude_line.

Example:

exclude_lines: ["^[0-9]\/[0-9]\/[0-9]* [0-9]:[0-9]:[0-9].[0-9] [A-Z]*: \[SPECIAL] special"]

Log Normal lines:
06/04/16 10:22:25.286 INFO: [AAA] XXXX
06/04/16 10:22:25.286 INFO: [BBB] XXXX
06/04/16 10:22:25.286 FINE: [AAAAA] YYYY

But also log this line which would be excluded based on the above exclude line.
["^[0-9]\/[0-9]\/[0-9]* [0-9]:[0-9]:[0-9].[0-9] [A-Z]*: \[SPECIAL] special"] - EXCEPTION: xxxx xxxx xxxxx xxxx

Thanks

ruflin · June 10, 2016, 6:23am

I don't think this is possible right now, but the easiest solution so make your first regexp long so it matches all lines except the one with "EXCEPTION". Potentially things like this can be done with the more advanced filters in 5.0.0: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-filter.html

system · June 30, 2016, 3:40pm

This topic was automatically closed after 21 days. New replies are no longer allowed.