Exclude a log line that matches an exclude_line

Zfs · June 9, 2016, 3:39pm

I have a more complex use case for include and exlude lines.

I'd like to log all lines not matched by exclude_lines but also have the ability to over ride an exclude_line.

Example:

exclude_lines: ["^[0-9]\/[0-9]\/[0-9]* [0-9]:[0-9]:[0-9].[0-9] [A-Z]*: \[SPECIAL] special"]

Log Normal lines:
06/04/16 10:22:25.286 INFO: [AAA] XXXX
06/04/16 10:22:25.286 INFO: [BBB] XXXX
06/04/16 10:22:25.286 FINE: [AAAAA] YYYY

But also log this line which would be excluded based on the above exclude line.
["^[0-9]\/[0-9]\/[0-9]* [0-9]:[0-9]:[0-9].[0-9] [A-Z]*: \[SPECIAL] special"] - EXCEPTION: xxxx xxxx xxxxx xxxx

Thanks

ruflin · June 10, 2016, 6:23am

I don't think this is possible right now, but the easiest solution so make your first regexp long so it matches all lines except the one with "EXCEPTION". Potentially things like this can be done with the more advanced filters in 5.0.0: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-filter.html

system · June 30, 2016, 3:40pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
How can i filter errors in filebeat Beats filebeat	5	798	June 24, 2021
Filebeat Bug: exclude_lines Beats filebeat	3	399	February 26, 2021
Cant get regex to exclude line to work Beats filebeat	6	5926	August 31, 2017
Using the exclude_lines option Beats filebeat	6	2679	July 5, 2017
Filebeat exclude_linex regex to exclude all lines not containing error Beats	6	6454	September 8, 2016

Exclude a log line that matches an exclude_line

Related topics