I have the following YAML configuration file to pick certain lines with string expressions, but Filebeat doesn't seem to be propagating messages to Elasticsearch:
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /usr/share/apps/logs/*.log
    include_lines: ['ABC:']
    exclude_files: ['.gz$']
    fields:
      tags: ["Tag-1"]
      type: "Type-1"
    fields_under_root: true
  - type: log
    enabled: true
    paths:
      - /usr/share/apps/logs/*.log
    include_lines: ['DEF:']
    exclude_files: ['.gz$']
    fields:
      tags: ["Tag-2"]
      type: "Type-2"
    fields_under_root: true
The log line is very simple:
[2020-09-20] INFO - ABC: This is log message.
I am using version 7.2 of Filebeat.
Could anyone suggest what could be going wrong here?