Hello Everyone,
I'm using Filebeat's iis module to ingest IIS logs into ES.
All is going well and I'm able to successfully ingest my logs into ES.
However, there is an iis data field called x-forwarded-for that is not recognized by Filebeat and does not get parsed/ingested into ES. A quick Google search shows that this field was not supported by Filebeat as of late 2018. Has this changed at all with the latest release of Filebeat?? Is anyone aware of a way around this? Perhaps to edit the fields.yml file manually to include this missing field? Any help/suggestions are greatly appreciated!
Thanks All!