I'm learning to use ELK and have a debian PC that runs as a test client. every 30 sec it logs a message :
021-01-18T08:29:59.656-0500#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":4096}}}},"cpu":{"system":{"ticks":171310,"time":{"ms":11}},"total":{"ticks":433770,"time":{"ms":24},"value":433770},"user":{"ticks":262460,"time":{"ms":13}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":13},"info":{"ephemeral_id":"e83bbdd5-2482-4ac4-85b9-5b50f2b64e7c","uptime":{"ms":444690082}},"memstats":{"gc_next":20543200,"memory_alloc":12804128,"memory_total":20951973208},"runtime":{"goroutines":54}},"filebeat":{"events":{"added":2,"done":2},"harvester":{"open_files":2,"running":2}},"libbeat":{"config":{"module":{"running":1}},"output":{"events":{"acked":2,"batches":2,"total":2},"read":{"bytes":681},"write":{"bytes":4714}},"pipeline":{"clients":3,"events":{"active":0,"published":2,"total":2},"queue":{"acked":2}}},"registrar":{"states":{"current":15,"update":2},"writes":{"success":2,"total":2}},"system":{"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}
I dont want to have this every 30 secconds, so i created a filebeat.yml filter it out in filebeat
under path's section i wrote
exclude_lines :['^INFO#011[monitoring]#011log/log.go:145#011Non-zero']
To no effect, how should the line be ?.
I have a few side questions,
- If it wasnt logged every 30sec it be fine to me, can this status be logged every 5 minutes ?
- Well i'm new to ELK, i would think this line shouldnt be in filebeat (as it should do logs not memmory stats of the system, or am i reading tis wrong ?) On the other hand it isnt bad to know those stats, but then why isnt it nicely shown in Gui
