Filter logs from NGINX module

TheNmaptomyHeartBeat · August 7, 2018, 11:00am

Hello

I am using the NGINX module for Filebeat. Is there a way to filter logs on the machine before it's sent to Elasticsearch?

I much rather carry on using the module than parsing everything through Logstash while using a Grok filter.

Is this possible? I am trying to avoid to alter NGINX logging mechanism, and instead do it through Filebeat module.
Thank you.

jsoriano · August 7, 2018, 2:01pm

It is possible with the drop_event processor. With something like this example you can drop all log lines that contain favicon.ico:

processors:
 - drop_event:
     when:
        message.contains: 'favicon.ico'

TheNmaptomyHeartBeat · August 13, 2018, 9:40am

Hi @jsoriano
That works brilliantly thank you very much.

system · September 10, 2018, 9:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to filter specific fields of nginx logs in filebeat before importing in elastic? Beats filebeat	5	299	February 21, 2024
Exclude log lines with nginx filebeat module Beats filebeat	1	767	April 1, 2020
Nginx module is trying to parsing each log entry as access and error log Beats beats-module , filebeat	9	1852	September 9, 2019
Problem: Custom Filebeat Module to parse modified nginx log Grok Error Beats filebeat	16	4007	July 31, 2018
How to parse nginx log using filebeat Beats filebeat	3	2198	July 23, 2019