Hello
I am using the NGINX module for Filebeat. Is there a way to filter logs on the machine before it's sent to Elasticsearch?
I much rather carry on using the module than parsing everything through Logstash while using a Grok filter.
Is this possible? I am trying to avoid to alter NGINX logging mechanism, and instead do it through Filebeat module.
Thank you.
It is possible with the drop_event processor. With something like this example you can drop all log lines that contain favicon.ico:
processors:
- drop_event:
when:
message.contains: 'favicon.ico'
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.