I have Filebeat installed on a Windows server. I configured it to read logs from SQL Server. I can see that all lines are individually passed to ES, as I can see them in Kibana. My goal is to only send the lines that contain the sentence "Login failed for user".
The documentation is pretty straightforward:
The following example exports all log lines that contain
- type: log ...
This is my yml file:
- type: log
  include_lines: ['Login failed for user']
But this results in no messages being forwarded to ES. I have tried multiple wildcard inputs, but no luck.
Would anyone see anything wrong with my configuration? Any help would be greatly appreciated. Thanks!