Hello,
I have installed and configured Elasticsearch, Logstash, Filebeat and Kibana. I'm sending logs from
Filebeat to Logstash and to Elasticsearch. I have deleted the /var/log/messages path in filebeat.yml file, but I still recive log messages from /var/log/messages and /var/log/secure. Is it possible to prevent this?
I've tried to prevent them by drop filter in logstash, but it didn't work.
My drop filter in logstash conf file:
if [source] == "/var/log/messages" {
drop { }
}