as well as a few other iterations I can't remember along the way.
I even tried ['.'] and ['*'] in order to trigger excluding EVERYTHING in the log just to make sure it was actually processing but neither of those had any effect and the logs still were being picked up/inserted into ES.
Like several other posters, it works in Go, but when put into the apache2.yml file, it doesn't. I've also got exclude_files: [".gz$"] and in the debug logs, I can clearly see it excluding those files.
I figured this one out. I noticed that even though I had commented out the exclude_files line, it was still excluding the .gz log files, even though it shouldn't. So I went digging.
Turns out, there's an access.yml file located here:
/usr/share/filebeat/module/apache2/access/config
which still had the exclude_files option set to ignore the .gz files. Below that line, I added:
exclude_lines: ['.(?:server-status).']
and restarted the service. Watched the log file, and bingo, lines are being dropped now.
Not sure why it's ignoring processing the apache2.yml file in /etc/filebeat/modules.d/ though.
So if anyone else is having trouble with the exclude_lines: option in apache.2yml, try checking that other file location listed above.
Not sure that change will survive a package update, but it's a small one and is easy to put back if need be.
So, by that reasoning, if I wanted to modify the exclude_lines config
option in the apache2.yml access section - which isn't set to anything in
the modules.d location - I would add a line:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.