0
filebeat不会过滤消息。以下是消息elasticsearch的Filebeat不会过滤
"message": "172.31.25.199 - - [07/Jun/2016:13:07:26 +0000] \"GET /api HTTP/1.1\" 200 27 \"-\" \"ELB-HealthChecker/1.0\"",
我想筛选“ELB-HealthChecker/1.0 \”并排除。然而我看到了这些信息。为什么?
filebeat:
prospectors:
-
paths:
- "/tmp/api.log"
- "/var/log/nginx/access.log"
- "/var/log/nginx/error.log"
fields:
type: log
exclude_lines: ["^ELB-HealthChecker"]
output:
logstash:
hosts: ["127.0.0.1:5043"]
在正则表达式,''^意味着开头......在你的榜样行,你行不启动ELB-HealthChecker,也许你应该尝试一些像'* ELB-HealthChcker *'的东西 –