Sample log file
{ "name": "Meowsy", "species" : "cat", "foods": { "likes": ["tuna", "catnip"], "dislikes": ["ham", "zucchini"] } }
another line
next line
So I want filebeat to ignore 2nd and 3rd line and send only 1st line
Any idea how to do that?
Thank you
The include_lines option sounds like what you're looking for.
The following configuration would only include lines that started with a {. If the line does not look like JSON, it would not be exported.
filebeat.inputs:
- type: log
...
include_lines: ['^{']
Hey,
Using this a log line which is not a valid json is still passed to elasticsearch. Can it be ignored?
If you are using Logstash, you can use json filter. It will parse only the json formatted events and rest will throw parse failure error and this error can be detected by _jsonparsefailure tag in the output.
Before indexing the output to ElasticSearch, you can have a conditional as below to ignore parse failures.
output{
if "_jsonparsefailure" not in [tags] {
elasticsearch{
hosts => [ "localhost:9200" ]
index => [ "index_name-%{+YYYY.MM.dd}" ]
}
}
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.