Exclude_files regex

Winfield_Henry · October 23, 2016, 9:18pm

Hello,

We have some duplicated log entries and would like to exclude a particular log file. There is an 'exclude_files:' directive in the .yml config file, but we are having difficulty making that work.

Question: Is this directive working?
To exclude a file named: badfile.log what would a proper regex be?
How long after restarting filebeat would you expect the file to NOT appear in Kibana/Elasticsearch?

We have tried (with stopping/starting filebeat between each iteration):
exclude_files:"badfile.log"
exclude_files:["badfile.log"]
exclude_files:["^badfile.log$"]
exclude_files:["^//var//log//badfile.log$"]
and a few others.

Thanks,
W

Houss · October 24, 2016, 4:10am

Hi,

exclude_files: ['badfile\.log$'] should work.

Template is exclude_files: ['regex']
$ says that the end of the file name is badfile.log
You have to escape the . with \ in a regex, otherwise, . just means "any character"

Cheers.

ruflin · October 24, 2016, 7:54am

Can you share your full filebeat config?

Winfield_Henry · October 24, 2016, 12:07pm

Hi,

exclude_files: ["badfile\.log$"]

filebeat will not start with the above.

filebeat:
prospectors:
-
paths:
- /var/log/messages
- /var/log/syslog
- /var/log/*.log

  input_type: log

exclude_files: ["badfile\.log$"]

output:
logstash:
hosts: ["localhost:5044"]
worker: 1
index: filebeat
shipper:

logging:

files:

Topic		Replies	Views
Filebeat- syntax for regex file exclusion Beats filebeat	2	365	December 4, 2020
Help with exclude_files Beats filebeat	2	364	November 19, 2018
Exclude_Files not working in Filebeat Beats filebeat	1	469	July 7, 2021
Exclude file pattern not working correctly Beats filebeat	2	4021	September 21, 2018
Regex not worked with filebeat Beats filebeat	3	244	February 24, 2024

Exclude_files regex

Related topics