I am using filebeat to monitor log files and what i am trying to do is print only "Found Error" in another log file (using output.files option) if my log files has a message which contains "Error" string.

Can someone help me on this one?

Hi @Priyaranjan_Mudliar,

I don't think that's possible, something you could do is output the line containing Error to that other log. Basically you can read everything and use drop_event processor to only output the lines that contain Error. Have a look to our docs here: https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html

Best regards

@Priyaranjan_Mudliar Kindly provide your log file and describe exactly what you want in output. It will be very helpful to give proper response

Thanks for the reply @exekias

I used the method that you mentioned. I used drop event processor but still getting an error while running filebeat. The error says "error in config file : did not find expected key". My filebeat input config part looks like this :

#=========================== Filebeat inputs =============================

filebeat.inputs:

Each - is an input. Most options can be set at the input level, so

you can use different inputs for various configurations.

Below are the input specific configurations.

• type: log
  processors:
• drop_event:
  when:
  not:
  contains:
  message: "Error"

Change to true to enable this input configuration.

enabled: true

Paths that should be crawled and fetched. Glob based paths.

paths:
- D:\Filebeat\mylog.log
#- c:\programdata\elasticsearch\logs*

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.