I'm sorry to have to open yet another
exclude_lines thread, but having read all the available threads and checked all possibilities, I still can't get the
exclude_lines option to work.
My config is:
filebeat: prospectors: - document_type: log exclude_lines: - .*ping.* fields: gl2_source_collector: bd4ffc76-23b4-49c1-87df-****** ignore_older: 0 input_type: log paths: - /var/log/nginx/*.log scan_frequency: 10s tail_files: true output: logstash: hosts: - *****:5044 path: data: /var/cache/graylog/collector-sidecar/filebeat/data logs: /var/log/graylog/collector-sidecar tags: - linux - nginx - phpfpm
I don't think that I'm using any type of module for which I'd have to override any settings, and yet, log lines like these are still getting shipped:
192.168.8.10 - - [21/Jan/2020:10:01:24 +0100] "GET /ping HTTP/1.0" 200 15
I've tried a variety of regular expressions and this one is the simplest that should match this line (and perhaps others but I don't care at the moment).
Any ideas what else I could check?