Doubling nginx logs

Elastic Stack Beats
1

Hello!
I have used tutorial for parsing nginx logs from Kibana tutorial page: http://localhost:5601/app/kibana#/home/tutorial/nginxLogs?_g=() for DEB system. And everthing is working fine. But in Kibana all my logs have two version. One is version with timestamp from message field and the another one with timestamp of indexing in ElasticSearch. There is my filebeat.yml:

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/*log

filebeat.config:
  modules: 
    path: /etc/filebeat/modules.d/*.yml

output.elasticsearch:
  hosts: ["localhost:9200"]

setup.kibana:
  host: "localhost:5601"

I simply want have only one type og logs(with timestamp from message field).
Any suggestions?

2

Problem was in filebeat.yml. Logs have gone through filebeat and have doubled because there have been two inputs: one through filebeat.inputs and another one through module input.
Now I prefer to use filebeat.yml like:

filebeat.modules:
- module: nginx
  access:
    var.paths: ["/testvar/nginx/access.log"]
  error:
    var.paths: ["/testvar/nginx/error.log"]

output.elasticsearch:
  hosts: ["localhost:9200"]

setup.kibana:
  host: "localhost:5601"

This filebeat.yml make input only for nginx logs.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.