I have a doubt with the module for IIS logs. I configured the output of filebeat to connect directly with the elasticsearch and then I've have done the command ".\filebeat.exe setup to make the index in elasticsearch and the dashboards in kibana. But i have a problem...
With the index created automatically, the index doesn't have a field for the IP that comes from "X Forwarded for". Now, my question is:
Can i update the pipeline that parses the IIS logs to add the field for this IP?
If the filed you are looking for is not listed you can use an extra processor like [https://www.elastic.co/guide/en/beats/filebeat/master/processor-script.html](https://www.elastic.co/guide/en/beats/filebeat/master/processor-script.html)script-processor to further analyse the events.
If you think this field is important enough you can open a Github issue requesting for it (or if you want you can contribute it directly ).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
