I'm attempting to drop duplicates (i.e. only match /dev/mapper/xxx).
Is there a limitation to regex expression for the filter? I've tried multiple variations to drop fdqn matches in attempt to drop all nfs shares and metricbeat pukes when restarting. It sure would be nice to have a filesystem_type attribute.
Thanks,
Joel
The regex support is based on RE2. See Regular Expression Support | Metricbeat Reference [5.0] | Elastic
You can open an enhancement request for this.
Thanks Andrew. I found an expression that worked. However, do I understand correctly that filters is replaced by processors?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.