Good evening,
I use Filebeat for nginx files with ingest, here my filebeat config file:
{
"output.elasticsearch": {
"hosts": [
"172.16.1.3:9200"
],
"template.enabled": false,
"index": "prod-%{+yyyy.MM.dd}"
},
"filebeat.modules": [
{
"access": {
"enabled": true,
"var.paths": [
"/var/log/nginx/access-http.log",
"/var/log/nginx/access-https.log",
],
"encoding": utf-8
},
"module": "nginx"
}
],
"logging.to_files": false,
"logging.files": null,
"tags": ["prod", "service_prod"]
}
Everything work perfectly, I receive the content of both files in my index, my problem is how can I make a difference between the data coming from access-http and the data from access-https?
I tried several key like "document-type", "input-type" duplicate the "access" key inside modules array, also tried to define prospector key, I didn't get error but the value in kibana (and elastic) for type field is always log!!
Which key I need to define to differentiate the data coming from this 2 files, where and what to split to do it?
Thanks for any help.