Hello,
Here is the prospector section of my filebeat.yml file:

```yaml
#=========================== Filebeat prospectors =============================
filebeat.prospectors:
- type: log
  paths:
    - /var/log/*/*.log
  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  exclude_lines: ['Zabbix']
```
I tried to exclude any Zabbix requests from being indexed, but this does not seem to be working as I still see these entries on ES.
```
@timestamp: March 26th 2018, 14:24:13.844
source: /var/log/nginx/access.log
tags: web-app
prospector.type: log
fields.env: prod
beat.name: ip-10-1-1-90
beat.hostname: ip-10-1-1-90
beat.version: 6.2.3
offset: 17,769,793
message: 52.56.187.196 - - [26/Mar/2018:13:24:13 +0000] "GET / HTTP/1.1" 200 147136 "-" "Zabbix"
_id: tg17YmIBmb9kTiSKDyl8
_type: doc
_index: filebeat-6.2.3-2018.03.26
_score: -
```
What is the correct way to exclude these entries from being indexed?
Any advice is much appreciated
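
Added example (not part of the original post and not Filebeat's own code): a Python model of the `exclude_lines` rule quoted in the config comment, run over the log line from the post plus constructed sample lines. It compares the posted pattern with a hypothetical narrower one; treating 52.56.187.196 as the monitoring host is an assumption, and Python's `re` stands in for Filebeat's Go regex engine.

```python
import re

# First line is the access-log entry from the post; the others are constructed samples.
SAMPLE_LINES = [
    '52.56.187.196 - - [26/Mar/2018:13:24:13 +0000] "GET / HTTP/1.1" 200 147136 "-" "Zabbix"',
    '203.0.113.7 - - [26/Mar/2018:13:25:02 +0000] "GET /docs/Zabbix-setup HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Mar/2018:13:25:40 +0000] "POST /login HTTP/1.1" 401 312 "-" "Zabbix"',
    '198.51.100.23 - - [26/Mar/2018:13:26:11 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "curl/7.58.0"',
]

# Pattern exactly as posted: unanchored, so it matches "Zabbix" anywhere in the line.
BROAD = ['Zabbix']

# Hypothetical narrower pattern (assumption: 52.56.187.196 is the monitoring host).
# It is anchored to the source IP, the probe request and the final User-Agent field,
# because the User-Agent is client-supplied and the string can also occur in a URL.
NARROW = [r'^52\.56\.187\.196 .* "GET / HTTP/1\.[01]" 200 \d+ "[^"]*" "Zabbix"$']


def apply_exclude_lines(lines, patterns):
    """Model of exclude_lines: drop a line if ANY regex in the list matches it."""
    compiled = [re.compile(p) for p in patterns]
    kept, dropped = [], []
    for line in lines:
        target = dropped if any(rx.search(line) for rx in compiled) else kept
        target.append(line)
    return kept, dropped


def lost_only_by_broad(lines):
    """Lines the broad pattern drops but the narrow one would still ship."""
    _, broad_dropped = apply_exclude_lines(lines, BROAD)
    narrow_kept, _ = apply_exclude_lines(lines, NARROW)
    return [line for line in broad_dropped if line in narrow_kept]


if __name__ == "__main__":
    for name, patterns in (("broad", BROAD), ("narrow", NARROW)):
        kept, dropped = apply_exclude_lines(SAMPLE_LINES, patterns)
        print(f"{name}: kept={len(kept)} dropped={len(dropped)}")
    for line in lost_only_by_broad(SAMPLE_LINES):
        print("dropped only by broad pattern:", line)
```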