Yet another exclude_lines thread

I'm sorry to have to open yet another exclude_lines thread, but having read all the available threads and checked all possibilities, I still can't get the exclude_lines option to work.

My config is:

filebeat:
  prospectors:
  - document_type: log
    exclude_lines:
    - .*ping.*
    fields:
      gl2_source_collector: bd4ffc76-23b4-49c1-87df-******
    ignore_older: 0
    input_type: log
    paths:
    - /var/log/nginx/*.log
    scan_frequency: 10s
    tail_files: true
output:
  logstash:
    hosts:
    - *****:5044
path:
  data: /var/cache/graylog/collector-sidecar/filebeat/data
  logs: /var/log/graylog/collector-sidecar
tags:
- linux
- nginx
- phpfpm

I don't think that I'm using any type of module for which I'd have to override any settings, and yet, log lines like these are still getting shipped:

192.168.8.10 - - [21/Jan/2020:10:01:24 +0100] "GET /ping HTTP/1.0" 200 15

I've tried a variety of regular expressions and this one is the simplest that should match this line (and perhaps others but I don't care at the moment).

Any ideas what else I could check?

Hi @kwisatz,

Just in case it is being misinterpreted, could you try to quote the pattern in exclude_lines?

filebeat:
  prospectors:
  - document_type: log
    exclude_lines:
    - '.*ping.*'
...

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.