Yet another exclude_lines thread

kwisatz · January 23, 2020, 12:30pm

I'm sorry to have to open yet another exclude_lines thread, but having read all the available threads and checked all possibilities, I still can't get the exclude_lines option to work.

My config is:

filebeat:
  prospectors:
  - document_type: log
    exclude_lines:
    - .*ping.*
    fields:
      gl2_source_collector: bd4ffc76-23b4-49c1-87df-******
    ignore_older: 0
    input_type: log
    paths:
    - /var/log/nginx/*.log
    scan_frequency: 10s
    tail_files: true
output:
  logstash:
    hosts:
    - *****:5044
path:
  data: /var/cache/graylog/collector-sidecar/filebeat/data
  logs: /var/log/graylog/collector-sidecar
tags:
- linux
- nginx
- phpfpm

I don't think that I'm using any type of module for which I'd have to override any settings, and yet, log lines like these are still getting shipped:

192.168.8.10 - - [21/Jan/2020:10:01:24 +0100] "GET /ping HTTP/1.0" 200 15

I've tried a variety of regular expressions and this one is the simplest that should match this line (and perhaps others but I don't care at the moment).

Any ideas what else I could check?

jsoriano · January 23, 2020, 3:54pm

Hi @kwisatz,

Just in case it is being misinterpreted, could you try to quote the pattern in exclude_lines?

filebeat:
  prospectors:
  - document_type: log
    exclude_lines:
    - '.*ping.*'
...

system · February 20, 2020, 5:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat exclude lines not working Beats filebeat	5	2053	August 11, 2018
Filebeat exclude line not working :( Beats filebeat	7	12282	January 31, 2018
Using the exclude_lines option Beats filebeat	6	2679	July 5, 2017
How to "exclude_lines but make these exceptions"? Beats filebeat	9	2810	July 5, 2017
Exclude line regex wont work Beats filebeat	5	1062	October 26, 2017

Yet another exclude_lines thread

Related topics