Hello,
I am using filebeat to parse logs from my server directly to Elastic cloud. Sometimes there are some inconsistent logs entries with hundreds of log lines which I don't want to harvest them. Is there any way I can achieve this? Also is it possible that those logs are responsible for high memory pressure of my cluster?
Thanks
Hi!
You can use a processor like https://www.elastic.co/guide/en/beats/filebeat/current/drop-event.html to drop the events you don't want to ship to ES.
About memory pressure, it could be anything however dropping this kind of unwanted events may improve things since it will reduce the amount of data ES has to index.
C.
Thanks for your response Chris.
Since there is no specific pattern to use a conditional to drop logs, I have used truncate field proccessor https://www.elastic.co/guide/en/beats/filebeat/current/truncate-fields.html to set a maximum characters limit.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.