Filebeat + docker input - cannot drop events according to container name?

Nico_Kruger · February 8, 2019, 4:26pm

I cannot for the life of me figure out why the following is not working:

This is using the elastic Filebeat 6.5.2 docker container:

filebeat.inputs:
- type: docker
  containers.ids: '*'
  combine_partial: true
  processors:
    - drop_event:
        when:
          equals:
            docker.container.name: "filebeat"

I literally want to not log anything related to the filebeat container. I've tried many combinations of getting an OR to work, using a regexp etc. but maybe someone can spot what I'm doing wrong with this simple example?

I expect the above to drop all log messages from the "filebeat" container.

system · March 8, 2019, 4:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Docker implementation - Filebeats 7.17.2 - drop_events not working Beats docker , filebeat	9	628	May 29, 2022
Filebeat not dropping the entire events/log Beats docker , filebeat	2	387	September 28, 2020
Filebeat Docker input: exclude container by name Beats docker , filebeat	1	1064	June 6, 2022
"exclude_lines" not working with docker input Beats docker , filebeat	8	810	January 5, 2020
Dropping Events in Kubernetes Beats	1	618	April 19, 2018

Filebeat + docker input - cannot drop events according to container name?

Related topics