I upgraded the Elastic Stack (Elasticsearch + Kibana + Filebeat) from version 6.6 to 7.9.3.
Previously I used to filter logs by the nginx.access.host field. After the upgrade, this field disappeared, and I don't see any new field linked with the hostname accessed with nginx. Is it possible to bring it back, or to use another similar field?
Hello! I don't see the nginx.access.host field in https://www.elastic.co/guide/en/beats/filebeat/6.6/exported-fields-nginx.html. Do you mean maybe
I solved this problem by myself.
I'm using custom nginx log format:
log_format main '$remote_addr - $remote_user [$time_local] "$host $request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
It seems somebody before me customized the access pipeline in the ingest node, so $host was parsed. After upgrading from 6.6 to 7.9.3, the pipeline was changed and replaced.
I found the needed data in nginx.access.info, which was created by GROK and used to be deleted in the pipeline.
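For readers checking the same thing offline, here is an added example (not from the thread and not the Filebeat module's pipeline) that parses the custom log_format quoted above and splits the `"$host $request"` segment into a host and the request line. The output field names and the sample lines are assumptions made for this illustration.

```python
import re

# Mirrors the log_format quoted in the thread:
# $remote_addr - $remote_user [$time_local] "$host $request" $status
# $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
# nginx escapes a literal '"' inside variables as \x22, so [^"]* is safe here.
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<info>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<x_forwarded_for>[^"]*)"$'
)
# "$host $request": host first, then "METHOD target HTTP/x.y" if well formed.
INFO_RE = re.compile(
    r'^(?P<host>\S+) (?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<version>\d(?:\.\d)?)$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    info = rec.pop("info")
    im = INFO_RE.match(info)
    if im:
        rec.update(im.groupdict())
    else:
        # Malformed or empty request line (typical for 400s): keep the host
        # and preserve the remainder unparsed instead of dropping the event.
        host, _, raw = info.partition(" ")
        rec.update(host=host or None, method=None, target=None,
                   version=None, raw_request=raw)
    rec["status"] = int(rec["status"])
    rec["body_bytes_sent"] = int(rec["body_bytes_sent"])
    return rec

# Constructed sample lines (not taken from the original post).
SAMPLES = [
    '203.0.113.7 - - [10/Nov/2020:12:00:01 +0000] "shop.example.com GET /cart HTTP/1.1" 200 512 "-" "curl/7.68.0" "-"',
    '203.0.113.9 - - [10/Nov/2020:12:00:02 +0000] "api.example.com \\x16\\x03\\x01" 400 157 "-" "-" "-"',
]

def count_by_host(lines):
    """Count parsed events per requested host, skipping unparseable lines."""
    counts = {}
    for line in lines:
        rec = parse_line(line)
        if rec and rec["host"]:
            counts[rec["host"]] = counts.get(rec["host"], 0) + 1
    return counts

if __name__ == "__main__":
    print(count_by_host(SAMPLES))
```

The second sample shows why the host should be extracted before the request line is validated: a non-HTTP payload still yields a usable host value for filtering.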