Exclude_files regex

Winfield_Henry · October 23, 2016, 9:18pm

Hello,

We have some duplicated log entries and would like to exclude a particular log file. There is an 'exclude_files:' directive in the .yml config file, but we are having difficulty making that work.

Question: Is this directive working?
To exclude a file named: badfile.log what would a proper regex be?
How long after restarting filebeat would you expect the file to NOT appear in Kibana/Elasticsearch?

We have tried (with stopping/starting filebeat between each iteration):
exclude_files:"badfile.log"
exclude_files:["badfile.log"]
exclude_files:["^badfile.log$"]
exclude_files:["^//var//log//badfile.log$"]
and a few others.

Thanks,
W

Houss · October 24, 2016, 4:10am

Hi,

exclude_files: ['badfile\.log$'] should work.

Template is exclude_files: ['regex']
$ says that the end of the file name is badfile.log
You have to escape the . with \ in a regex, otherwise, . just means "any character"

Cheers.

ruflin · October 24, 2016, 7:54am

Can you share your full filebeat config?

Winfield_Henry · October 24, 2016, 12:07pm

Hi,

exclude_files: ["badfile\.log$"]

filebeat will not start with the above.

filebeat:
prospectors:
-
paths:
- /var/log/messages
- /var/log/syslog
- /var/log/*.log

  input_type: log

exclude_files: ["badfile\.log$"]

output:
logstash:
hosts: ["localhost:5044"]
worker: 1
index: filebeat
shipper:

logging:

files:

system · November 13, 2016, 9:19pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
How can i filter errors in filebeat Beats filebeat	5	798	June 24, 2021
Filebeat exclude_files regex Beats filebeat	4	861	January 17, 2023
Filebeat exclude_files is not working as expected Beats filebeat	7	2369	June 30, 2022
Exclude file from being processed Beats filebeat	6	3990	November 1, 2018
Filebeat Bug: exclude_lines Beats filebeat	3	399	February 26, 2021

Exclude_files regex

Related topics