Hello,
I’m trying to use multiple regexps to exclude lines from logs sent by collector/filebeat.
In the web interface, I entered regexps in the format:
['.test.domain.foo.bar.', '.test.domain.foo.com.', …]
In the resulting generated Filebeat log, I have my regexp under lines to exclude w/ one line per regexp (lines are dns.json from suricata):
- '.test.domain.foo.bar.'
- '.test.domain.foo.com.'
The problem is that matching lines still get sent to Graylog.
Does anyone have an idea, or the exact syntax to use?