Hello,
I am using Metricbeat version 8.7.0 and trying to filter values in the system.process.cmdline field.
I added the following section to the system.yml file:
- module: system
  period: 1m
  metricsets:
    - process
  processors:
    - drop_event.when.not.regexp:
        system.process.cmdline: "C:.*"
(I am looking for processes whose cmdline contains the drive C:)
On the surface, it runs (no errors), and it looks correct according to the documentation, but in practice, it does not perform the filtering.
Has anyone encountered this issue?