Why include_lines is not working?

jaraws · October 1, 2020, 6:58am

I have the following file yaml configuration to pick certain lines with string expressions, but filebeat doesnt seems to be prpagating messages to elastic search:

filebeat.inputs:
 - type: log
   enabled: true
   paths:
     - /usr/share/apps/logs/*.log
   include_lines: ['ABC:']
   exclude_files: ['.gz$']
   fields:
      tags: ["Tag-1"]
      type: "Type-1"
   fields_under_root: true
 - type: log
   enabled: true
   paths:
     - /usr/share/apps/logs/*.log
   include_lines: ['DEF:']
   exclude_files: ['.gz$']
   fields:
      tags: ["Tag-2"]
      type: "Type-2"
   fields_under_root: true

The log line is very simple:
[2020-09-20] INFO - ABC: This is log message.

I am using version 7.2 of filebeat.

Could anyone suggest me here what could be going wrong in here?

system · October 29, 2020, 8:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Include_lines problem Beats filebeat	8	2976	July 5, 2016
Include_lines doesn't seem to work Beats filebeat	3	1440	August 2, 2016
Include_lines and exclude_lines not working as expected Beats filebeat	2	690	May 7, 2019
Include_lines in My Filebeat Module Beats filebeat	3	3927	October 23, 2018
Filebeat include_lines issue Beats filebeat	4	966	January 27, 2020

Why include_lines is not working?

Related topics