Nginx field disappeared after filebeat upgrade

Hi all.
I upgraded Elastic Stack (Elasticsearch + Kibana + Filebeat) from 6.6 to 7.9.3 version.
Previously I used to filter logs by nginx.access.host field. After upgrade - this field disappeared. And I don't see any new filed linked with hostname accessed with nginx. Is it possible to return it back, or use another similar filed?

Hello! I don't see nginx.access.host field in https://www.elastic.co/guide/en/beats/filebeat/6.6/exported-fields-nginx.html. Do you mean maybe nginx.access.user_name?

I solved this problem by myself.

I'm using custom nginx log format:

log_format  main  '$remote_addr - $remote_user [$time_local] "$host $request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

And seems somebody before me customized access pipeline in ingest node, so $host was parsed. After upgrading from 6.6 to 7.9.3 pipeline was changed and replaced.

I found needed data in nginx.access.info which was created by GROK and used to be deleted in pipeline.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.