Exported fields in filebeat processors

John16 · February 12, 2017, 4:05pm

Hello,

Documentation about filebeat's processors
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-processors.html

references fields like http.response.code, etc:

equals: http.response.code: 200

But in "Exported fields" section:
https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields.html

I see only general fields like type, message, offset, etc., nothing log-line-content-specific.

Is there any way to parse log line against regexp to extract some data to be used in expressions? Or how do these examples correlate with real life?

Thanks.

tudor · February 13, 2017, 10:41am

The examples are the same for all beats, and that particular example is from Packetbeat, which has that field. Sorry for the confusion. If you need to parse logs, I recommend using either Logstash or the Elasticsearch Ingest Node.

system · March 13, 2017, 10:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How does filebeat (or logstash) converts single line of log to json data? Beats	3	1996	June 8, 2017
Exported fields for log content which module exports them? Beats filebeat	5	360	August 14, 2019
First level filtering with Filebeat Beats filebeat	3	6755	August 4, 2017
Beats not parsing `message` correctly with filebeat protocol Beats filebeat	7	27	October 11, 2024
Drop multiple fields with regex on field names using filebeat Beats filebeat	5	2978	December 27, 2017

Exported fields in filebeat processors

Related Topics