How to wirte pipiline.yaml file for filebeat nginx module for access log?

i have a custom log format and generated a grok pattern for that which looks like:

120.89.102.147 - - [05/May/2020:06:35:58 +0000] "GET /api/licensing/info HTTP/1.1" 200 343 "https://kibana-qa.unation.com/app/kibana" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0" "-" 0.016 172.19.9.224:5601 200 0.016 0.000 0.016 f4453f8fc024aacb17351d6a2b74c7e7

%{IPORHOST:remote_addr} - %{DATA:ident} \[%{HTTPDATE:time_local}\] \"%{WORD:http_method} %{DATA:url} HTTP/%{NUMBER:http_version}\" %{NUMBER:response_code} %{NUMBER:body_sent_bytes} \"%{DATA:referrer}\" \"%{DATA:agent}\" %{DATA:xforwardedfor} %{NUMBER:request_time} %{IP:upstream_addr}:%{POSINT:port} %{NUMBER:upstream_status} %{NUMBER:upstream_response_time} %{NUMBER:upstream_connect_time} %{NUMBER:upstream_header_time} %{BASE16NUM:request_id}

{ "remote_addr": [ [ "120.89.102.147" ] ], "ident": [ [ "-" ] ], "time_local": [ [ "05/May/2020:06:35:58 +0000" ] ], "http_method": [ [ "GET" ] ], "url": [ [ "/api/licensing/info" ] ], "http_version": [ [ "1.1" ] ], "response_code": [ [ "200" ] ], "body_sent_bytes": [ [ "343" ] ], "referrer": [ [ "https://kibana-qa.unation.com/app/kibana" ] ], "agent": [ [ "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0" ] ], "xforwardedfor": [ [ " "-"" ] ], "request_time": [ [ "0.016" ] ], "upstream_addr": [ [ "172.19.9.224" ] ], "port": [ [ "5601" ] ], "upstream_status": [ [ "200" ] ], "upstream_response_time": [ [ "0.016" ] ], "upstream_connect_time": [ [ "0.000" ] ], "upstream_header_time": [ [ "0.016" ] ], "request_id": [ [ "f4453f8fc024aacb17351d6a2b74c7e7" ] ] }

how to write the default.json file for nginx access which will be ingested to elasticsearch?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.