Hi All,
i have try to use filebat to ship syslog from Linux server, i use log type .
I want just to ship error content on /var/log/syslog and exlucde for exaample all line that content info .
My config client on filebeat
filebeat.inputs:
- type: log
enabled: true
paths:- /var/log/syslog
processors: - add_locale:
format: abbreviation
- /var/log/syslog
exclude_lines: ['INFO']
include_lines: ['error']
But the filrebat still shippping all content /var/log/syslog
Thanks in advance for you help .
ani