Exclude_pattern in logstash s3 input

niraj_kumar · August 23, 2017, 3:53am

This is my s3 input config. I am trying to exclude a key that has name called CloudTrail-Digest.

input {
  s3 {
    type => "cloudtrail"
    bucket => "aws"
    prefix => "Accounts/"
    add_field => { source => gzfiles }
    backup_to_dir => "/mnt/aws/s3backup"
    exclude_pattern => "^CloudTrail-Digest/"
    codec => cloudtrail {}
    region => "us-west-2"
    sincedb_path => "/etc/s3backup/sincedb"
  }
}

But when i try to run logstash. It still downloads that file. Any idea if my regex is wrong.

20:47:01.414 [[main]<s3] DEBUG logstash.inputs.s3 - S3 input: Adding to objects[] {:key=>"Accounts/bigdata/AWSLogs/xxxxxxxxxxx/CloudTrail-Digest/ap-northeast-2/2017/07/12/xxxxxxxxxxxx_CloudTrail-Digest_ap-northeast-2_CybersecurityTemplate-CloudTrailImpl-11EE2N5EAOL3B_us-west-2_20170712T090720Z.json.gz"}
20:47:01.414 [[main]<s3] DEBUG logstash.inputs.s3 - objects[] length is:  {:length=>2999}

magnusbaeck · August 24, 2017, 7:57pm

I'm not familiar with the s3 input but: ^CloudTrail-Digest/ matches strings that begin with CloudTrail-Digest, which the path in question clearly doesn't.

niraj_kumar · August 24, 2017, 8:20pm

So how can i exclude all the files that start with CloudTrail-Digest?

magnusbaeck · August 24, 2017, 8:23pm

You can use /CloudTrail-Digest/ to exclude all files that has CloudTrail-Digest as one patch component.

niraj_kumar · August 24, 2017, 8:28pm

I will try this one and update you.

system · September 21, 2017, 8:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
S3 input "include pattern"? Logstash	2	2014	April 28, 2017
S3 input issues with images Logstash	16	981	April 10, 2018
Exclude multiple patterns in logstash s3 input Logstash	2	584	November 2, 2022
Selectively read certain files from S3? Logstash	2	724	July 6, 2017
Guidance With S3 Input Plugin Logstash	3	1464	April 30, 2019

Exclude_pattern in logstash s3 input

Related topics