How to find the ingest pipeline used to parse for Nginx logs

Maduranga · August 3, 2022, 7:03am

Hi,

I am using Elastic cloud to send our Nginx logs using Filebeat Nginx module.
However, the Nginx log is not parsed and gives "Provided Grok expressions do not match field value" error.

The event.original field that contains the log is of JSON format. And I want to change the processor from Grok to JSON in the ingest pipeline.

However, I cannot figure out which ingest pipeline is used in Kibana to parse my Nginx logs.
How can I find out which pipeline is used and to change the pipeline? Is this something I can do in Kibana, or do I need change the configuration file?

This is my nginx.yml config:

- module: nginx
  access:
    enabled: true
    input:
      pipeline: filebeat-8.2.0-nginx-access-pipeline-custom
    var.paths: ["/shared/log/access_nginx.log"]
  error:
    enabled: true
    var.paths: ["/shared/log/error_nginx.log"]

Thank you.

79g · August 3, 2022, 11:00am

Hello,

you can see all the pipelines in Kibana --> management page. Which Kibana version are you using? It depends a little of the version.

For example, in v8.3.2:

If you click the pipeline you'll see the patterns.

Hope it helps.

Maduranga · August 4, 2022, 1:22am

Thanks a lot Daniel.
Yeap, found them.

79g · August 4, 2022, 8:26am

Nice!

If you mark my previous response as solution it will help other users also.

system · September 1, 2022, 8:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.