According to the documenation I should be able to use the "exclude_lines" option to filter specific events.
I've setup my filebeat.yml to exclude any entries that start with my load balancer IP, but they still forward to logstash.
paths:
- /var/log/httpd/access_log
document_type: apache-access
exclude_lines: ["^192.168.1.5"]
What am I doing wrong?
Just to be sure, you are on filebeat 1.1.0, right? The config looks good to me.
Thanks Tudor
I just did a yum repo check and found that it was still on 1.01 and 1.1 was available. Oddly I had checked this earlier to day and it said I was up to date...although I didn't check the version number.
Short answer: yup this was the issue and applying the 1.1 update fixed it.
Cool, that's because we just released 1.1 about two hours ago 
lol, awesome timing then!
Hi,
A log file have INFO/DEBUG/ERROR. But i want to exclude debug logs to forward, but still its forwarding.
Using filebeat-5.0.0-alpha3
exclude_lines: ["^DEBUG"]
Example json log:
{"@logdate":"2016-07-05T15:15:50.772+05:30","message":"methodName()","logger_name":"com.app","thread_name":"main","level":"DEBUG","fileType":"test"}
is the exclude config correct?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.