Hello,
I am not that great with regular expressions; however, trying to filter out Kibana monitoring messages, I came up with this regexp:
principal=.Kibana.|.indices=..(monitoring-data-2|kibana)..|action=.*cluster:monitor*
I tested it with an online Java regexp tester and it was good and matched all the required messages. But when I inserted it into log4j2.properties and restarted, it seems like Elasticsearch is completely ignoring it!
I keep seeing the messages in the audit file...
Any ideas?
Thanks
Guy