Hi there:
I am using filebeat 7.9.3 with aws module and elb fileset enabled, running inside k8s.
It is able to parse ALB log, but failed in paring Network load balancer log.
The error message I got is
error.message
Provided Grok expressions do not match field value: [tls 2.0 2020-12-01T21:44:09 net/dynamic-lb-113WV3QTK1Q6O/f1ed246e274f51c9 9fda1d87ff5d5c3c 5.188.206.18:63044 10.30.222.193:10000 7048 - 0 0 - - - - - - - - - -]
where the nlb log message is
tls 2.0 2020-12-01T21:44:09 net/dynamic-lb-113WV3QTK1Q6O/f1ed246e274f51c9 9fda1d87ff5d5c3c 5.188.206.18:63044 10.30.222.193:10000 7048 - 0 0 - - - - - - - - - -
It looks like filebeat-7.9.3-aws-elb-pipeline processor failed to parse NLB log. The latest NLB log has 3 additional entries alpn_fe_protocol, alpn_be_protocol, alpn_client_preference_list that are not included in the grok NLB log pattern
I finally fix the bug in filebeat-7.9.3-aws-elb-pipeline Grok myself by changing %{NUMBER:aws.elb.tls_handshake_time.ms:float} to (?:-|%{NUMBER:aws.elb.tls_handshake_time.ms:float})