I’m trying to use multiple regexp to exclude lines from logs sent by collector/filebeat.
In the web interface, I entered regexps in the format:
[’.test.domain.foo.bar.’, ‘.test.domain.foo.com.’, …]
In the resulting generated Filebeat log, I have my regexp under lines to exclude w/ one line per regexp (lines are dns.json from suricata):
Just made a copy/paste error when posting my initial message, didn’t saw that your platform is escaping them My regexp are indeed in the form like you propose:
.*test\.domain-1\.foo\.bar.*
Validated then in Go against full message and they are correct. Just upgraded to collector 0.1.1, will try to see if it changes anything.