Using Elasticsearch and Kibana 7.17 with Filebeat and Filebeat-apache module to index apache access and error logs to elasticsearch.
I need to add some more filtering to Apache Error log message
, for that prepared the needed grok expressions and modified the existing ingest pipeline for filebeat-apache error log from kibana
Modified using the kibana editor, added to the grok patterns list in order (req: if one fails to catch then move to next, If no one matches ignore and continue).
,But even after modifying the ingest pipeline and restarting filebeat, the logs are processing like old pipeline, no new keys added, The grok patterns are tested and verified to match the expected error messages.
Can somebody give information about what to do, I'm new to ELK.