Hi All,
I am using filebeat (filebeat-7.3.2-1.x86_64) for Doctor log analysis, now I want to capture only Error and Warning message. I have tried "include_lines: ['^ERR', '^WARN']" option but it's not working. can you suggest correct way to do this.
filebeat.autodiscover:
providers:
- type: docker
templates:
- condition:
and:
- equals:
docker.container.image: ucc
- equals:
docker.container.image: waggerap
- config:
- type: log
paths:
- /VMWNODE/docker/containers/{data.docker.container.id}/*.log
fields:
environment: UAT
IP: 10.222.166.78
fields_under_root: true
multiline.pattern: '^[[:space:]]+|]'
multiline.match: after
This is my proper working configuration, Please suggest