Hi all.
I upgraded Elastic Stack (Elasticsearch + Kibana + Filebeat) from version 6.6 to 7.9.3.
Previously I used to filter logs by the nginx.access.host field. After the upgrade this field disappeared, and I don't see any new field linked to the hostname accessed with nginx. Is it possible to bring it back, or to use another similar field?
Hello! I don't see the nginx.access.host field in https://www.elastic.co/guide/en/beats/filebeat/6.6/exported-fields-nginx.html. Do you mean maybe nginx.access.user_name?
I solved this problem by myself.
I'm using custom nginx log format:
log_format main '$remote_addr - $remote_user [$time_local] "$host $request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
And it seems somebody before me customized the access pipeline in the ingest node, so $host was parsed. After upgrading from 6.6 to 7.9.3 the pipeline was changed and replaced.
I found the needed data in nginx.access.info, which was created by GROK and used to be deleted in the pipeline.
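Added example (not from the thread and not Filebeat's own pipeline): parsing the custom log_format above in Python so that the $host value inside the quoted field is kept as its own field rather than being dropped with the rest of the request string. Output key names other than nginx.access.host, and the sample lines, are constructed for illustration.

```python
import re

# Matches the custom "main" log_format quoted in the thread. It differs from
# nginx's stock "combined" format in that the quoted field holds
# "$host $request" and a quoted $http_x_forwarded_for is appended.
# nginx escapes '"' inside variables as \x22, so [^"]* is a safe delimiter.
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<info>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<referrer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<x_forwarded_for>[^"]*)"$'
)

# A well-formed request line: METHOD, target, protocol version.
REQUEST_RE = re.compile(
    r'^(?P<method>[A-Z]+) (?P<url>\S+) HTTP/(?P<http_version>\d(?:\.\d)?)$'
)


def parse_line(line):
    """Return a dict of fields, or None if the line is not in the custom format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    doc = m.groupdict()
    # The quoted field is "<host> <request>": the first token is $host.
    host, _, request = doc.pop("info").partition(" ")
    doc["nginx.access.host"] = host
    req = REQUEST_RE.match(request)
    if req:
        doc.update(req.groupdict())
    else:
        # Malformed request (e.g. TLS bytes sent to a plain HTTP port):
        # keep the host and the raw string rather than failing the event.
        doc["request_raw"] = request
    return doc


# Constructed sample lines, not taken from the thread.
SAMPLES = [
    '203.0.113.7 - - [04/Nov/2020:10:15:32 +0000] "shop.example.com GET /cart?id=1 HTTP/1.1" '
    '200 512 "-" "curl/7.68.0" "-"',
    r'203.0.113.9 - - [04/Nov/2020:10:15:40 +0000] "shop.example.com \x16\x03\x01" '
    r'400 157 "-" "-" "-"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```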