This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

How exclude head from logs #1

Open

vinceplayer opened this issue Feb 8, 2021 · 0 comments

vinceplayer commented Feb 8, 2021 •

edited

Loading

When I do the filter and the next math, the log header is also managed:

`<source>
  @type tail
  format tsv
  keys ts,uid,id.orig_h,id.orig_p,id.resp_h,id.resp_p,proto,service,duration,ori
  path /usr/jail/jail_suri_zeek/usr/local/etc/zeek/spool/logger/conn.log
  pos_file /var/lib/google-fluentd/pos/zeek-conn.pos
  read_from_head true
  null_value_pattern ^(-|null|NULL)$
  tag zeek_conn
</source>`

#separator \ x09
#set_separator,
#empty_field (empty)
#unset_field -
#path conn
#open 2021-02-08-12-25-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents vlan inner_vlan orig_addr2 resp_addr2

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.