Filebeat monitoring and sending logs to Elasticsearch

Is it possible to run a batch script when I encounter an "Error" word in any of the log lines which are monitored by Filebeat and sent to Elasticsearch?

Can someone please help me with this? Any leads would be appreciated.

Hi @Priyaranjan_Mudliar,

It is not possible to run scripts from Filebeat. What are you trying to achieve?


I think you can exclude the logs which are other than ERROR using exclude lines and ingest only error logs. Use something like the below in the Filebeat prospectors. It worked for me.

exclude_lines: ['.?(DEBUG|INFO).']


@jsoriano I am trying to add the local machine timestamp to my output whenever Filebeat reads an "Error" word in my "message" field.

Timestamp is always added to the events shipped by Filebeat.

In general to modify events you can use processors and/or an ingest pipeline.

@jsoriano But the timestamp is in UTC and I want to add the local time instead of UTC.
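
Added example, not part of the thread or of any poster's configuration: a Filebeat configuration that combines the two suggestions in the replies, filtering lines at the input and using a processor to record the host's UTC offset so that local time can be derived from `@timestamp`. The log path and Elasticsearch host are assumed placeholders; `include_lines` is the counterpart of the `exclude_lines` option shown above.

```yaml
# Added example. Path and host values are placeholders, not from the thread.
filebeat.inputs:                 # called filebeat.prospectors in older releases
  - type: log
    paths:
      - /var/log/myapp/*.log     # assumed log location
    # Ship only lines that contain "Error"; everything else is dropped
    # at the input, before any processor runs.
    include_lines: ['Error']

processors:
  # @timestamp stays in UTC. add_locale records the machine's offset from
  # UTC (for example "+05:30") in event.timezone, so a consumer can compute
  # the local time from @timestamp plus that offset.
  - add_locale:
      format: offset
      # Condition kept explicit in case include_lines is removed later and
      # the input starts shipping non-error lines as well.
      when:
        contains:
          message: "Error"

output.elasticsearch:
  hosts: ["localhost:9200"]      # assumed Elasticsearch endpoint
```

Filebeat itself still cannot launch a batch script on a match, as the first reply states; any alerting or script execution has to be triggered by something that reads the indexed events.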
