Hi , I am using filebeat 7.6
with the below filebeat config
logging.level: error
filebeat.inputs:
type: syslog
protocol.tcp.host: "localhost:5000"
include_lines: ['error']
I would like for example to include only error or warning message and exclude info message on syslog.
Feb 27 17:30:02 SERVER filebeat[32050]: Exiting: error loading config file: yaml: line 23: did not find expected key
Feb 27 17:30:02 SERVER systemd[1]: filebeat.service: Main process exited, code=exited, status=1/FAILURE
Feb 27 17:30:02 SERVE>R systemd[1]: filebeat.service: Unit entered failed state.
Feb 27 17:30:02 SERVER systemd[1]: filebeat.service: Failed with result 'exit-code'.
Feb 27 17:30:02 SERVER systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
Feb 27 17:30:02 SERVER systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
From Exiting: error loading config file: yaml: line 23: did not find expected key it seems that your configuration yml is not valid. Please to try to validate it before using it. There are plenty of yml validator online to use.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.