Hello,
How can I allow only specific lines and for specific log files as well?
Example: I have lots of files in the inputs.d file, but for the xyz.log file I wanna set up the filter to allow only the "out of memory" line; other events will be dropped, for the xyz.log file only.
Hello @abhi.logs ,
Do you have a single yaml config file that covers only xyz.log in inputs.d?
You could probably use the drop_event processor (Drop events | Filebeat Reference [8.2] | Elastic) with a negative condition on the message field containing "out of memory".
Hello @Andrea_Spacca
No, I have 4-5 config files inside inputs.d and I just wanna apply it to the xyz.log file only.
Hello @abhi.logs
Which one is the input for the xyz.log file?
Could you share the content?
Hello @Andrea_Spacca
This is the xyz.yml file inside inputs.d. Like this, I have 4-5 *.yml files for different logs.
- type: log
  enabled: True
  paths:
    - /var/log/xvy.log
  exclude_files: ['[a-z A-Z]+-[0-9]{4}-[0-9]{2}-[0-9]{2}.json']
  fields:
    log_type: kernel-log
Something like this should work:
- type: log
  enabled: True
  paths:
    - /var/log/xvy.log
  exclude_files: ['[a-z A-Z]+-[0-9]{4}-[0-9]{2}-[0-9]{2}.json']
  fields:
    log_type: kernel-log
  processors:
    - drop_event:
        when:
          not:
            contains:
              message: "out of memory"
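An alternative to the processor in the answer above, as an added example that is not part of the original thread: the log input's own include_lines option keeps only matching lines for this one input, so the other files in inputs.d are untouched. The path, exclude_files and fields values are copied from the post; the (?i) flag is an assumption added here so that the kernel's capitalised "Out of memory" spelling also matches.

```yaml
# Added example (not from the thread): per-input line filter for xyz.yml in inputs.d.
- type: log
  enabled: true
  paths:
    - /var/log/xvy.log   # path as posted in the thread
  exclude_files: ['[a-z A-Z]+-[0-9]{4}-[0-9]{2}-[0-9]{2}.json']
  # Keep only lines that match this regular expression; every other line
  # read by this input is skipped before an event is created.
  # The option is set on this input only, so the other inputs.d files
  # keep shipping all of their lines.
  # (?i) makes the match case-insensitive (assumption: lines written as
  # "Out of memory: ..." should be kept as well).
  include_lines: ['(?i)out of memory']
  fields:
    log_type: kernel-log
```

Running `filebeat test config` after the change checks that the configuration still parses before the service is restarted.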