I am using Filebeat to ship my IIS logs to Elasticsearch. I enables the IIS module and its successfully shipping the logs.
I have few custom fields which I am writing in IIS logs files. I am seeing the correct value of these fields in log files, but they are not visible in Elasticsearch.
Any body knows how to enable Custom Fields logging in Elasticsearch?
Those events are parsed in Elasticsearch ingest pipelines, you can see the supplied pipelines in Kibana tools with
GET _ingest/pipelines/filebeatiis
You will need to add your custom fields to the appropriate grok patterns and any additional processing that might be needed.
The first matching pattern is used to decode the message. I'm not an IIS SME, so I'm not sure why there are so many different supplied patterns.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.