`Provided Grok expressions do not match field value:` for logs ingested using nginx elastic agent integration

We are seeing GROK errors when ingesting nginx logs using the elastic agent nginx integration.

The nginx access & error logs are by default written out to stdout and stderr respectively.
K8s picks these up and funnels them both to a single logfile @ /var/log/pods//controller/.log

We are seeing errors processing the logs, which are as follows:

```
Provided Grok expressions do not match field value: [2022-11-09T16:10:35.299909327Z stderr F 2022/11/09 16:10:35 [info] 36#36: 12343 [lua] certificate.lua:226: call(): obtained hostname is nil (the client does not support SNI?), falling back to default certificate, context: ssl_certificate_by_lua, client:, server: ]
```

We are running elastic agent 7.17.5
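
An added example, not part of the original post and not the integration's own pipeline: the field value quoted in the error begins with the container runtime's per-line prefix (timestamp, stream name, `F` tag) ahead of nginx's own error-log text. This Python sketch strips that prefix, joins partial (`P`) records and routes by stream; the regexes, dataset labels and the `parse_pod_log` name are assumptions written for illustration.

```python
import re

# CRI log record: "<RFC3339Nano time> <stdout|stderr> <P|F> <message>"
CRI_LINE = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:\d\d)) "
    r"(?P<stream>stdout|stderr) (?P<tag>[PF]) (?P<message>.*)$"
)
# nginx error_log: "YYYY/MM/DD HH:MM:SS [level] pid#tid: [*cid ]text"
# The "*" before the connection id is optional here because the post's sample lacks it.
NGINX_ERROR = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] "
    r"(?P<pid>\d+)#(?P<tid>\d+): (?:\*?(?P<cid>\d+) )?(?P<text>.*)$"
)

def parse_pod_log(lines):
    """Strip the CRI prefix, join partial (P) records per stream, route by stream."""
    pending = {"stdout": "", "stderr": ""}
    events = []
    for line in lines:
        rec = CRI_LINE.match(line.rstrip("\n"))
        if rec is None:  # no runtime prefix: keep the raw line for review
            events.append({"dataset": "unparsed", "raw": line})
            continue
        stream = rec["stream"]
        pending[stream] += rec["message"]
        if rec["tag"] == "P":  # partial record; the closing F record follows
            continue
        full, pending[stream] = pending[stream], ""
        if stream == "stdout":  # access log text, left unparsed in this sketch
            events.append({"dataset": "access", "message": full})
            continue
        err = NGINX_ERROR.match(full)
        if err:
            events.append({"dataset": "error", **err.groupdict()})
        else:
            events.append({"dataset": "unparsed", "raw": full})
    return events

SAMPLE = [
    # Shortened from the error message quoted in the post.
    "2022-11-09T16:10:35.299909327Z stderr F 2022/11/09 16:10:35 [info] 36#36: "
    "12343 [lua] certificate.lua:226: call(): obtained hostname is nil",
    # Constructed: one access entry split into a partial and a final record.
    "2022-11-09T16:10:36.000000001Z stdout P 192.0.2.10 - - [09/Nov/2022:16:10:36 +0000] ",
    '2022-11-09T16:10:36.000000002Z stdout F "GET / HTTP/1.1" 200 612',
]

if __name__ == "__main__":
    for event in parse_pod_log(SAMPLE):
        print(event)
```

In this sketch the nginx error pattern does not match the raw pod-log line, only the message left after the runtime prefix is removed.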
