Processor not working in filebeat

Hi,

Need to get the ERROR message only from the log file using processors.

I suggest you use the drop_event processor to do so: https://www.elastic.co/guide/en/beats/filebeat/master/drop-event.html

Hi,
I have added processors in filebeat.yml:

processors:
  - drop_event:
      when:
        contains:
          severity: "ERROR"

But I am still getting all the messages from the log.

Please format your configuration using </>. It is possible that you have a whitespace error in the processors configuration.

Hi,
I have reconfigured the filebeat.yml (formatting done), but I am still getting all the messages from the log. Kindly advise.
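A constructed filebeat.yml fragment for the goal stated in the thread (ship only ERROR lines), added here as an example and not posted by any participant. It assumes the raw log line sits in Filebeat's default `message` field, that no `severity` field has been parsed out of it, and a hypothetical input id and log path.

```yaml
# Added example (constructed); the id and path are hypothetical.
filebeat.inputs:
  - type: filestream
    id: myapp-logs                      # hypothetical id
    paths:
      - /var/log/myapp/app.log          # hypothetical path
    # Alternative to the processor below: filter at the input so that
    # non-matching lines never become events. Uncomment to use it.
    # include_lines: ['ERROR']

processors:
  # The condition posted in the thread was:
  #
  #   - drop_event:
  #       when:
  #         contains:
  #           severity: "ERROR"
  #
  # Two things keep it from yielding "ERROR only":
  #   1. drop_event discards events that match, so a match on ERROR
  #      would remove exactly the events that are wanted.
  #   2. A condition on a field the event does not have does not match.
  #      Without a parsing step that creates "severity", nothing is
  #      dropped and every line is shipped.
  #
  # Inverted form: drop every event whose message lacks "ERROR".
  - drop_event:
      when:
        not:
          contains:
            message: "ERROR"
```

Lines dropped at the shipper are not available later for investigation, so when the full log matters for incident response, keep a local copy or filter downstream instead.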
