Update pipeline filebeat-6.5.1-nginx-access-default - Error

Trying to update the default pipeline that parses access log files from nginx in order to manage upstream_response time. This pipeline is installed by Filebeat Nginx module.

As you can check, I added extra field at the end of grok pattern:

"grok" : {
          "patterns" : [
            "%?{IP_LIST:nginx.access.remote_ip_list} - %{DATA:nginx.access.user_name} \\[%{HTTPDATE:nginx.access.time}\\] \"%{GREEDYDATA:nginx.access.info}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\" %{NUMBER:nginx.access.upstream_response_time}"

When updating the pipeline via curl command line, I get the error :
"target of repeat operator is not specified"

The pb is actualy the leading '?' in grok pattern "%?{IP_LIST:nginx.acce.......

Does anyone know the reason why we have this leading '?' ... it does not look like the optional field syntax in grok (%{....}?)

Many thanks for your support

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.