Hi Folks I am in the same boat i believe. I'm using Graylog Server 2.1.2 and Sidecar Collector 0.0.9 (filebeat 1.2.3). and I'm trying to exclude 2 different file types in a filebeat configuration, and cant get it to work as per web recommendations: https://www.elastic.co/guide/en/beats/filebeat/1.2/configuration-filebeat-options.html, https://www.elastic.co/guide/en/beats/filebeat/master/configuration-filebeat-options.html, https://z0z0.me/configure-elasticsearch-logstash-filebeats-with-shield/
In my Graylog server WebUI I have a collector sidecar configuration setup and working fine, and i want to exclude 2 different filetypes...I have tried adding various versions of "exclude_files: ['\.gz$']" under System/Collectors -> Manage Configurations > 'select my configuration' > Configure Beats Inputs > Edit > Additional Fields, but nothing seems to work. Can this work like i think it should? this indicates that it might be able to, but cant tell if this was fully implemented in the version im running: https://github.com/elastic/beats/pull/563 Any good input would be much appreciated :-) Ozzy On Friday, September 30, 2016 at 12:03:35 PM UTC-7, Ahmed Shibani wrote: > > Hello; > > Is it possible to exclude files based on a regular expression when > creating a Beats input in GrayLog 2.1? > > For example, my current filebeat input looks like this: > > filebeat: > prospectors: > - document_type: apache_domlogs > fields: > gl2_source_collector: 084fabcd-fb99-4001-a5a6-ddd86f90e5a7 > ignore_older: 0 > input_type: log > paths: > - /etc/httpd/domlogs/* > scan_frequency: 10s > tail_files: true > > > What I would like to achieve is to exclude all files in the > /etc/httpd/domlogs/ that ends with "bytes_log", something like this: > > filebeat: > prospectors: > - document_type: apache_domlogs > fields: > gl2_source_collector: 084fabcd-fb99-4001-a5a6-ddd86f90e5a7 > ignore_older: 0 > input_type: log > paths: > - /etc/httpd/domlogs/* > exclude_files: "\\-bytes_log$" > scan_frequency: 10s > tail_files: true > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a2ea82c8-944f-4646-9bce-f65cca4690fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
