Filter logs from NGINX module


I am using the NGINX module for Filebeat. Is there a way to filter logs on the machine before it's sent to Elasticsearch?

I much rather carry on using the module than parsing everything through Logstash while using a Grok filter.

Is this possible? I am trying to avoid to alter NGINX logging mechanism, and instead do it through Filebeat module.
Thank you.

1 Like

Hi @TheNmaptomyHeartBeat,

It is possible with the drop_event processor. With something like this example you can drop all log lines that contain favicon.ico:

 - drop_event:
        message.contains: 'favicon.ico'

Hi @jsoriano
That works brilliantly thank you very much.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.