Apache logs missing SSL Protocol

Despite SSL Protocol and request time showing in my logformat directive in Apache 2.4 I am not seeing either of them in ES/Kibana. How is this fixed? I am using filebeat and shipping logs directly to ES.

Are you using the Filebeat module for this?

Yess

Bump.

Hi @prophoto,

Could you please post the following here?

  1. A sample log line from your Apache log that's not getting ingested into Elasticsearch as you expect.

  2. Your Filebeat apache module configuration.

  3. Which version of Filebeat you're using.

Thanks,

Shaunak

[centos@server9 ~]$ sudo filebeat version
filebeat version 7.8.0 (amd64), libbeat 7.8.0 [f79387d32717d79f689d94fda1ec80b2cf285d30 built 2020-06-14 18:15:37 +0000 UTC]
www.website.com 114.119.154.211 - - [16/Sep/2020:15:30:10 +0000] "GET /user-profile/jprofilename.html HTTP/1.1" 503 1898 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+http://aspiegel.com/petalbot)" TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 9758883 9
[centos@server9 ~]$ sudo cat /etc/filebeat/filebeat.yml
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

filebeat.config.modules:
  enabled: true
  path: /etc/filebeat/modules.d/*.yml

setup.kibana.host: "https://studio.mydomain.com:5601"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.certificate: "studio.crt.pem"
setup.kibana.ssl.key: "studio.key.pem"
setup.kibana.ssl.certificate_authorities: ["studio.crt.pem"]

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["studio.mydomain.com:9200"]

  protocol: "https"
  username: "elastic"
  password: "----------------------"
  ssl.certificate: "studio.crt.pem"
  ssl.key: "studio.key.pem"
  ssl.certificate_authorities: ["studio.crt.pem"]