From fbc86f43ec9e13e2800a0a52997ba85b389ad459 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Thu, 24 Mar 2022 13:03:03 -0400
Subject: [PATCH] Add exclude filter for logs for when there are no results from analysis
---
 salt/filebeat/etc/filebeat.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 7efa391e2..62a45e9c4 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -269,7 +269,7 @@ filebeat.inputs:
 - type: filestream
 paths:
 - /nsm/rita/beacons.csv
- exclude_lines: ['^Score', '^Source', '^Domain']
+ exclude_lines: ['^Score', '^Source', '^Domain', '^No results']
 fields:
 module: rita
 dataset: beacon
@@ -285,7 +285,7 @@ filebeat.inputs:
 paths:
 - /nsm/rita/long-connections.csv
 - /nsm/rita/open-connections.csv
- exclude_lines: ['^Source']
+ exclude_lines: ['^Source', '^No results']
 fields:
 module: rita
 dataset: connection
@@ -300,7 +300,7 @@ filebeat.inputs:
 - type: filestream
 paths:
 - /nsm/rita/exploded-dns.csv
- exclude_lines: ['^Domain']
+ exclude_lines: ['^Domain', '^No results']
 fields:
 module: rita
 dataset: dns
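Review bot: The `'^No results'` entry added to `exclude_lines` on the rita beacon input (and repeated on the connection and dns inputs in the two later hunks) has no comment saying which producer writes that line, so a later reader cannot tell a placeholder filter from a data filter. A comment above each list, such as `# RITA output holds a "No results" line when an analysis finds nothing; drop it along with the CSV header rows`, would record that; the wording is inferred from the commit subject and should be checked against the real file contents, since the pattern is case-sensitive and prefix-anchored. Once the placeholder line is dropped, an analysis run that found nothing and a run that never happened both leave the rita datasets silent, so it is worth confirming that something else (file age or job status) still shows the analysis is running. The input definitions start and end outside these hunks.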