0
filebeat不會過濾消息。以下是消息elasticsearch的Filebeat不會過濾
"message": "172.31.25.199 - - [07/Jun/2016:13:07:26 +0000] \"GET /api HTTP/1.1\" 200 27 \"-\" \"ELB-HealthChecker/1.0\"",
我想篩選「ELB-HealthChecker/1.0 \」並排除。然而我看到了這些信息。爲什麼?
filebeat:
prospectors:
-
paths:
- "/tmp/api.log"
- "/var/log/nginx/access.log"
- "/var/log/nginx/error.log"
fields:
type: log
exclude_lines: ["^ELB-HealthChecker"]
output:
logstash:
hosts: ["127.0.0.1:5043"]
在正則表達式,''^意味着開頭......在你的榜樣行,你行不啓動ELB-HealthChecker,也許你應該嘗試一些像'* ELB-HealthChcker *'的東西 –