Filter logs from NGINX module

TheNmaptomyHeartBeat · August 7, 2018, 11:00am

Hello

I am using the NGINX module for Filebeat. Is there a way to filter logs on the machine before it's sent to Elasticsearch?

I much rather carry on using the module than parsing everything through Logstash while using a Grok filter.

Is this possible? I am trying to avoid to alter NGINX logging mechanism, and instead do it through Filebeat module.
Thank you.

jsoriano · August 7, 2018, 2:01pm

It is possible with the drop_event processor. With something like this example you can drop all log lines that contain favicon.ico:

processors:
 - drop_event:
     when:
        message.contains: 'favicon.ico'

TheNmaptomyHeartBeat · August 13, 2018, 9:40am

Hi @jsoriano
That works brilliantly thank you very much.

Topic		Replies	Views
Filebeat Nginx module not dropping events Beats filebeat	5	1801	January 25, 2019
Exclude log lines with nginx filebeat module Beats filebeat	1	800	April 1, 2020
How to filter specific fields of nginx logs in filebeat before importing in elastic? Beats filebeat	5	539	February 21, 2024
Nginx module \| Processor drop_event HTTP 200 not working Beats filebeat	3	969	November 11, 2019
Grok filter pattern for nginx Logstash	9	6762	October 4, 2018