Exported fields in filebeat processors

John16 · February 12, 2017, 4:05pm

Hello,

Documentation about filebeat's processors
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-processors.html

references fields like http.response.code, etc:

equals: http.response.code: 200

But in "Exported fields" section:
https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields.html

I see only general fields like type, message, offset, etc., nothing log-line-content-specific.

Is there any way to parse log line against regexp to extract some data to be used in expressions? Or how do these examples correlate with real life?

Thanks.

tudor · February 13, 2017, 10:41am

The examples are the same for all beats, and that particular example is from Packetbeat, which has that field. Sorry for the confusion. If you need to parse logs, I recommend using either Logstash or the Elasticsearch Ingest Node.

system · March 13, 2017, 10:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing typical logback log lines Beats filebeat	2	977	February 27, 2018
Filebeat lotstash output and 'exported fields' Beats filebeat	4	1790	March 16, 2018
Can the "field" property be used to extract a value from the message body, and why not? Beats filebeat	2	1786	July 5, 2017
Create new Fields to Filter by Beats filebeat	3	376	September 10, 2019
Basic Apache Filebeat Log question - missing fields Beats filebeat	9	1121	January 24, 2020

Exported fields in filebeat processors

Related topics