Filebeat not reading JSON Array

subodhp · July 19, 2019, 8:05pm

I have "sourceIPs":["127.0.0.1"] in my JSON Logs, I am using drop_events processor conditions like "equals" and "contains" to filter out events having 127.0.0.1 as sourceIP but none of the obvious filters seems to work. Filebeat version - 5.5.

drop_events:
when:
contains:
sourceIPs.0: "127.0.0.1" or tried this filter as well - sourceIPs[0]: "127.0.0.1"
but no luck.

Any help would be highly appreciated.

system · August 16, 2019, 8:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to use drop_event to filter json Beats filebeat	5	1356	February 16, 2017
Filebeat parse json Beats filebeat	8	7453	June 7, 2018
Drop_event proccessor Beats filebeat	2	387	March 8, 2018
Filebeat Filtering - Drop Event when NOT contain field that equals a value Beats docker , filebeat	9	7479	July 3, 2021
Filebeat 7.9.1 parsing http_json data Beats filebeat	10	1437	October 30, 2020

Filebeat not reading JSON Array

Related topics