We are seeing GROK errors when ingesting nginx logs using the elastic agent nginx integration.
The nginx access & error logs are by default written out to stdout and stderr respectively.
K8s picks these up and funnels them both to a single logfile @ /var/log/pods//controller/.log
We are seeing errors processing the logs which are as follows
Provided Grok expressions do not match field value: [2022-11-09T16:10:35.299909327Z stderr F 2022/11/09 16:10:35 [info] 36#36: 12343 [lua] certificate.lua:226: call(): obtained hostname is nil (the client does not support SNI?), falling back to default certificate, context: ssl_certificate_by_lua, client: 123.10.10.123, server: 10.10.10.10:443 ]
We are running elastic agent 7.17.5