Exclude Zabbix entry from being indexed

Here is the prospector section of my filebeat.yml file

#=========================== Filebeat prospectors =============================


    - type: log
        - /var/log/*/*.log

      # Exclude lines. A list of regular expressions to match. It drops the lines that are
      # matching any regular expression from the list.
      exclude_lines: ['Zabbix']

I tried to exclude any Zabbix requests from being indexed, but this does not seem to be working as I still see these entries on ES.

@timestamp:March 26th 2018, 14:24:13.844 source:/var/log/nginx/access.log tags: web-app prospector.type:log fields.env:prod beat.name:ip-10-1-1-90 beat.hostname:ip-10-1-1-90 beat.version:6.2.3 offset:17,769,793 message: - - [26/Mar/2018:13:24:13 +0000] "GET / HTTP/1.1" 200 147136 "-" "Zabbix" _id:tg17YmIBmb9kTiSKDyl8 _type:doc _index:filebeat-6.2.3-2018.03.26 _score: -

What is the correct way to exclude these entries from being indexed?

Any advice is much appreciated

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.