Hi Folks
I am in the same boat i believe. I'm using Graylog Server 2.1.2 and Sidecar 
Collector 0.0.9 (filebeat 1.2.3). and I'm trying to exclude 2 different 
file types in a filebeat configuration, and cant get it to work as per web 
recommendations: 
https://www.elastic.co/guide/en/beats/filebeat/1.2/configuration-filebeat-options.html,
 
https://www.elastic.co/guide/en/beats/filebeat/master/configuration-filebeat-options.html,
 https://z0z0.me/configure-elasticsearch-logstash-filebeats-with-shield/

In my Graylog server WebUI I have a collector sidecar configuration setup 
and working fine, and i want to exclude 2 different filetypes...I have 
tried adding various versions of "exclude_files: ['\.gz$']" under 
System/Collectors -> Manage Configurations > 'select my configuration' > 
Configure Beats Inputs > Edit > Additional Fields, but nothing seems to 
work.

Can this work like i think it should? this indicates that it might be able 
to, but cant tell if this was fully implemented in the version im 
running: https://github.com/elastic/beats/pull/563 

Any good input would be much appreciated :-) 

Ozzy

On Friday, September 30, 2016 at 12:03:35 PM UTC-7, Ahmed Shibani wrote:
>
> Hello;
>
> Is it possible to exclude files based on a regular expression when 
> creating a Beats input in GrayLog 2.1?
>
> For example, my current filebeat input looks like this:
>
> filebeat:
>   prospectors:
>   - document_type: apache_domlogs
>     fields:
>       gl2_source_collector: 084fabcd-fb99-4001-a5a6-ddd86f90e5a7
>     ignore_older: 0
>     input_type: log
>     paths:
>     - /etc/httpd/domlogs/*
>     scan_frequency: 10s
>     tail_files: true
>
>
> What I would like to achieve is to exclude all files in the 
> /etc/httpd/domlogs/ that ends with "bytes_log", something like this:
>
> filebeat:
>   prospectors:
>   - document_type: apache_domlogs
>     fields:
>       gl2_source_collector: 084fabcd-fb99-4001-a5a6-ddd86f90e5a7
>     ignore_older: 0
>     input_type: log
>     paths:
>     - /etc/httpd/domlogs/*
>     exclude_files: "\\-bytes_log$"
>     scan_frequency: 10s
>     tail_files: true
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a2ea82c8-944f-4646-9bce-f65cca4690fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to