-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter grep exclude do not work properly #9753
Comments
It's hard to tell without sample data and the examples. |
Example log in
This produces in fluentbit two outputs:
My parsers looks like this:
and filters:
So parser and modify are applied properly (added As a final my OUTPUT looks like this:
|
Bug Report
Describe the bug
According to:
https://docs.fluentbit.io/manual/pipeline/filters/grep
It's possible to use regex in grep filter, but even if regex properly catch phrase on rubular it's still send to elasticsearch.
To Reproduce
https://rubular.com/r/SgsgprT8Ndnk6d (qmailnospam parser)
https://rubular.com/r/TjcZTQ7T0iY3K7 (qmailspam parser)
Create two inputs on the same log with diffrent databases and tags:
Apply filters:
And I see the same log in elasticsearch with sascore and without sascore - as it's parsed two times, but
Exclude log /SA:SPAM\-\D+\:RC:/
should exclude this log fromlogs.qmail
so only log with should be send to ES.According to: https://stackoverflow.com/questions/58032099/exclude-pattern-on-a-grep-filter-on-fluent-bit-does-not-seem-to-be-working
I've tried with Exclude in //, without etc
Expected behavior
Exclude will exclude logs based on regex
Your Environment
The text was updated successfully, but these errors were encountered: