Exported fields in filebeat processors

Hello,

Documentation about filebeat's processors
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-processors.html

references fields like http.response.code, etc:

equals: http.response.code: 200

But in "Exported fields" section:
https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields.html

I see only general fields like type, message, offset, etc., nothing log-line-content-specific.

Is there any way to parse log line against regexp to extract some data to be used in expressions? Or how do these examples correlate with real life?

Thanks.

The examples are the same for all beats, and that particular example is from Packetbeat, which has that field. Sorry for the confusion. If you need to parse logs, I recommend using either Logstash or the Elasticsearch Ingest Node.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.