How to find the ingest pipeline used to parse for Nginx logs

Elastic Stack Kibana
1

Hi,

I am using Elastic cloud to send our Nginx logs using Filebeat Nginx module.
However, the Nginx log is not parsed and gives "Provided Grok expressions do not match field value" error.

The event.original field that contains the log is of JSON format. And I want to change the processor from Grok to JSON in the ingest pipeline.

However, I cannot figure out which ingest pipeline is used in Kibana to parse my Nginx logs.
How can I find out which pipeline is used and to change the pipeline? Is this something I can do in Kibana, or do I need change the configuration file?

This is my nginx.yml config:

- module: nginx
  access:
    enabled: true
    input:
      pipeline: filebeat-8.2.0-nginx-access-pipeline-custom
    var.paths: ["/shared/log/access_nginx.log"]
  error:
    enabled: true
    var.paths: ["/shared/log/error_nginx.log"]

Thank you.

2

Hello,

you can see all the pipelines in Kibana --> management page. Which Kibana version are you using? It depends a little of the version.

For example, in v8.3.2:

pipelines
pipelines1210×782 58.1 KB

pipelines2
pipelines21638×626 36 KB

If you click the pipeline you'll see the patterns.

Hope it helps.

1 Like
3

Thanks a lot Daniel.
Yeap, found them.

1 Like
4

Nice!

If you mark my previous response as solution it will help other users also.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.