Hello!
I am using filebeat 7.17.6 and I am using the nginx module.
I have altered the access log pipeline to include additional fields.
Everything is grokked fine.
My issue is that when i define the additional fields they are added to the filebeat-* template and not to my custom nginx-logs* template.
my config :
name: ${BEAT_NAME:default}
filebeat.modules:
#--------------------------------- Nginx Module ---------------------------------
- module: nginx
# Access logs
access:
enabled: true
var.paths: ["/nginx/*access.log"]
error:
enabled: true
var.paths: ["/nginx/error.log"]
setup.template.settings:
index.number_of_shards: 1
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["172.17.0.1:9243"]
index: "nginx-logs-%{+yyyy.MM.dd}"
username: "beat_user"
password: "beat_pass"
protocol: https
ssl.verification_mode: none
headers:
X-Found-Cluster: ${FILEBEAT_OUTPUT_ES_CLUSTER_ID}
setup:
ilm:
enabled: true
overwrite: true
rollover_alias: "nginx-logs"
pattern: "{now/d}-000001"
policy_file: /usr/share/filebeat/ilm.policy.nginx.json
template:
name: "nginx-logs"
overwrite: true
pattern: "nginx-logs*"
append_fields:
- name: nginx.access.request_time
type: float
- name: nginx.access.upstream_header_time
type: float
- name: nginx.access.upstream_connect_time
type: float
- name: nginx.access.upstream_response_time
type: float
xpack.monitoring.enabled: true