spujadas
commented
4 years ago Thank you very much! Thoroughly appreciate you working out and giving the solution to fix the issue.
Closed ghost closed 4 years ago
spujadas
commented
4 years ago Thank you very much! Thoroughly appreciate you working out and giving the solution to fix the issue.
The example configuration for filebeat.yaml as shown in the documentation mentions
[...] document_type: nginx-access [...]
However, this field has been removed (at least in v7 it is) and is being ignored by filebeat, which results in nginx (and other) messages not being parsed correctly. (It also leads to quite some time troubleshooting if you don't know it) This can be mitigated by using [...] fields_under_root: true fields: type: nginx-access [...]
Using this configuration, no other changes have to be made - it should be changed in the documentation.
Cheers