Here is the prospector section of my filebeat.yml file:

```yaml
#=========================== Filebeat prospectors =============================

filebeat.prospectors:

- type: log
  paths:
    - /var/log/*/*.log

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  exclude_lines: ['Zabbix']
```
I tried to exclude any Zabbix requests from being indexed, but this does not seem to be working as I still see these entries on ES.
```
@timestamp:       March 26th 2018, 14:24:13.844
source:           /var/log/nginx/access.log
tags:             web-app
prospector.type:  log
fields.env:       prod
beat.name:        ip-10-1-1-90
beat.hostname:    ip-10-1-1-90
beat.version:     6.2.3
offset:           17,769,793
message:          188.8.131.52 - - [26/Mar/2018:13:24:13 +0000] "GET / HTTP/1.1" 200 147136 "-" "Zabbix"
_id:              tg17YmIBmb9kTiSKDyl8
_type:            doc
_index:           filebeat-6.2.3-2018.03.26
_score:           -
```
What is the correct way to exclude these entries from being indexed?
Any advice is much appreciated.