Processor in auditd module fails

I have a processor defined in the auditd module and it seems to be correct based on other posts I have read. There are no configuration errors and filebeat starts up, but I get an error:

ERROR instance/beat.go:989 Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: fileset auditd/input is configured but doesn't exist

This seems to be similar to a post found at this link, but it did not solve my issue: System module: error when defining syslog.input.processors

Here is my configuration:

# Module: auditd
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.15/filebeat-module-auditd.html

- module: auditd

  log:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/*/audit*"]

  input:
    processors:
      - dissect:
          tokenizer: "%{imfile.timestamp} %{related.hosts} %{imfile.tag} %{message}"
          field: "message"
          target_prefix: ""
          overwrite_keys: "true"

Any thoughts on how to resolve this? Where would I look to see if there are processors predefined in the auditd module as noted in the similar post for the system module?

Hey @parisila, welcome to discuss :slight_smile:

I think that there is an indentation problem in your configuration file. `input` should be at the same level as `var.paths`, like this:

- module: auditd

  log:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/*/audit*"]

    input:
      processors:
        - dissect:
            tokenizer: "%{imfile.timestamp} %{related.hosts} %{imfile.tag} %{message}"
            field: "message"
            target_prefix: ""
            overwrite_keys: "true"

Otherwise, input is interpreted by filebeat as a different fileset, instead of being interpreted as the input of the log fileset.
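As an added illustration of the answer above (this is example code, not from the thread or from Filebeat itself), a small Python lint that walks a modules.d file by indentation only and flags any key sitting at module level that is not a fileset, which is exactly the condition behind the "fileset auditd/input is configured but doesn't exist" error. The fileset names per module are an assumption of this example (the auditd module ships only the log fileset); both sample configs are constructed from the ones in this thread.

```python
import re
# Filesets each module provides; assumed for this example (auditd has only "log").
KNOWN_FILESETS = {"auditd": {"log"}, "system": {"syslog", "auth"}}

# Constructed samples: the question's config (input at module level) and the fix.
BROKEN = """\
- module: auditd
  log:
    enabled: true
    var.paths: ["/var/log/*/audit*"]
  input:
    processors:
      - dissect:
          tokenizer: "%{imfile.timestamp} %{related.hosts} %{imfile.tag} %{message}"
          field: "message"
"""
FIXED = """\
- module: auditd
  log:
    enabled: true
    var.paths: ["/var/log/*/audit*"]
    input:
      processors:
        - dissect:
            tokenizer: "%{imfile.timestamp} %{related.hosts} %{imfile.tag} %{message}"
            field: "message"
"""
KEY_RE = re.compile(r"^(\s*)(- )?([\w.]+):")  # indent, optional list dash, key

def module_level_keys(config_text):
    """Return [(module, keys)] for keys at the column of 'module' in '- module: x'."""
    blocks, mod_col = [], None
    for line in config_text.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue  # blank line, comment, or a plain scalar/list value
        col = len(m.group(1)) + (2 if m.group(2) else 0)  # "- " shifts the key right
        key = m.group(3)
        if key == "module" and m.group(2):
            blocks.append((line.split(":", 1)[1].strip(), []))
            mod_col = col
        elif blocks and col == mod_col:
            blocks[-1][1].append(key)  # filebeat reads every such key as a fileset
    return blocks

def lint(config_text):
    """Flag module-level keys that are not filesets, reproducing filebeat's error text."""
    return [f"fileset {mod}/{key} is configured but doesn't exist"
            for mod, keys in module_level_keys(config_text)
            for key in keys if key not in KNOWN_FILESETS.get(mod, set())]
```

Running lint(BROKEN) reports the misplaced input key, while lint(FIXED) returns nothing because input now sits under the log fileset.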

Thank you! That resolved the issue.
