Filter logs from NGINX module

TheNmaptomyHeartBeat · August 7, 2018, 11:00am

Hello

I am using the NGINX module for Filebeat. Is there a way to filter logs on the machine before it's sent to Elasticsearch?

I much rather carry on using the module than parsing everything through Logstash while using a Grok filter.

Is this possible? I am trying to avoid to alter NGINX logging mechanism, and instead do it through Filebeat module.
Thank you.

jsoriano · August 7, 2018, 2:01pm

It is possible with the drop_event processor. With something like this example you can drop all log lines that contain favicon.ico:

processors:
 - drop_event:
     when:
        message.contains: 'favicon.ico'

TheNmaptomyHeartBeat · August 13, 2018, 9:40am

Hi @jsoriano
That works brilliantly thank you very much.

system · September 10, 2018, 9:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filter not working filbert nginx module Beats filebeat	8	468	June 22, 2018
Filebeat Nginx module Beats filebeat	3	1789	October 31, 2017
Filebeat Nginx Module - Nginx log has a non default format Beats filebeat	3	1127	December 1, 2017
How to filter specific fields of nginx logs in filebeat before importing in elastic? Beats filebeat	5	301	February 21, 2024
Filebeat TCP input with Nginx Module Beats filebeat	7	889	April 29, 2020