How can I add the ignore_older option to filebeat modules?
hey @rugenl
you can try to define a processor combined with range query
processor you might be interested in: https://www.elastic.co/guide/en/beats/filebeat/7.0/drop-event.html
you will then specify a condition as a range condition and specify timespan lower than a value
example
range:
your.field:
lte: "now-1d/d"
Check this for how date math is used: https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.