Hi Folks I am in the same boat i believe. I'm using Graylog Server 2.1.2 and Sidecar Collector 0.0.9 (filebeat 1.2.3). and I'm trying to exclude 2 different file types in a filebeat configuration, and cant get it to work as per web recommendations: https://www.elastic.co/guide/en/beats/filebeat/1.2/configuration-filebeat-options.html, https://www.elastic.co/guide/en/beats/filebeat/master/configuration-filebeat-options.html, https://z0z0.me/configure-elasticsearch-logstash-filebeats-with-shield/
In my Graylog server WebUI I have a collector sidecar configuration setup and working fine, and i want to exclude 2 different filetypes...I have tried adding various versions of "exclude_files: ['\.gz$']" under System/Collectors -> Manage Configurations > 'select my configuration' > Configure Beats Inputs > Edit > Additional Fields, but nothing seems to work. Can this work like i think it should? this indicates that it might be able to, but cant tell if this was fully implemented in the version im running: https://github.com/elastic/beats/pull/563 Any good input would be much appreciated :-) Ozzy On Friday, September 30, 2016 at 12:03:35 PM UTC-7, Ahmed Shibani wrote: > > Hello; > > Is it possible to exclude files based on a regular expression when > creating a Beats input in GrayLog 2.1? > > For example, my current filebeat input looks like this: > > filebeat: > prospectors: > - document_type: apache_domlogs > fields: > gl2_source_collector: 084fabcd-fb99-4001-a5a6-ddd86f90e5a7 > ignore_older: 0 > input_type: log > paths: > - /etc/httpd/domlogs/* > scan_frequency: 10s > tail_files: true > > > What I would like to achieve is to exclude all files in the > /etc/httpd/domlogs/ that ends with "bytes_log", something like this: > > filebeat: > prospectors: > - document_type: apache_domlogs > fields: > gl2_source_collector: 084fabcd-fb99-4001-a5a6-ddd86f90e5a7 > ignore_older: 0 > input_type: log > paths: > - /etc/httpd/domlogs/* > exclude_files: "\\-bytes_log$" > scan_frequency: 10s > tail_files: true > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a2ea82c8-944f-4646-9bce-f65cca4690fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.