
I'm using the ELK stack with Filebeat to capture Nginx logs, no special setup or anything. But I have multiple domains in multiple virtual hosts, and from the logs in Kibana I can't tell which line is a request for which vhost; there is simply no variable for that.

So how can I change the configuration to do that? Anyone please?

chris_l
  • What do your nginx log entries look like? And what do you expect to see in Kibana? Please provide details and I may suggest something – ben5556 Nov 13 '18 at 01:31
  • A log line looks like this: x.x.x.x - - [13/Nov/2018:08:00:37 +0100] "GET / HTTP/1.1" 302 37 "-" "Mozilla/5.0 ..." Will simply adding a field for the vhost variable suffice? I probably need to configure it somewhere... – chris_l Nov 13 '18 at 09:14
  • Yes, does the $host variable work for you? http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host – ben5556 Nov 13 '18 at 09:29
  • So I've got $host in the log line now, but it doesn't make an appearance in Kibana. Probably more configuration needed. – chris_l Nov 13 '18 at 11:35
  • How does your log file look now? If filebeat is reading your updated logs and sending them to ES, then those should appear in Kibana unless there are errors in the filebeat logs – ben5556 Nov 14 '18 at 02:00
  • It looks like this: x.x.x.x - - [13/Nov/2018:08:00:37 +0100] "www.mydomain.de" "GET / HTTP/1.1" 302 37 "-" "Mozilla/5.0 ..." – chris_l Nov 14 '18 at 07:44
  • Then it should also show in your Kibana if filebeat is reading and sending these logs to ES – ben5556 Nov 14 '18 at 09:13

0 Answers
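An added example, not part of the original thread: a Python sketch showing that a pattern written for the default layout stops matching once a quoted `$host` field is inserted, and a second pattern that extracts the vhost. The regexes stand in for whatever pattern the ingest side uses (an assumption; the thread does not show the Filebeat or Elasticsearch configuration), and the sample lines are constructed from the two formats quoted in the comments.

```python
import re

# Constructed sample lines, modelled on the two formats quoted in the comments.
# 192.0.2.10 is a documentation address standing in for the masked x.x.x.x.
OLD_LINE = ('192.0.2.10 - - [13/Nov/2018:08:00:37 +0100] '
            '"GET / HTTP/1.1" 302 37 "-" "Mozilla/5.0 (X11)"')
NEW_LINE = ('192.0.2.10 - - [13/Nov/2018:08:00:37 +0100] "www.mydomain.de" '
            '"GET / HTTP/1.1" 302 37 "-" "Mozilla/5.0 (X11)"')

HEAD = r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
TAIL = (r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
        r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$')

# Layout without a vhost field (the first log line in the comments).
COMBINED = re.compile(HEAD + TAIL)
# Same layout with the quoted $host field inserted after the timestamp.
WITH_VHOST = re.compile(HEAD + r'"(?P<vhost>[^"]*)" ' + TAIL)


def parse(line):
    """Return a dict of fields, trying the vhost layout first; None if neither fits."""
    for layout, pattern in (("with_vhost", WITH_VHOST), ("combined", COMBINED)):
        match = pattern.match(line)
        if match:
            fields = match.groupdict()
            fields["layout"] = layout
            fields["status"] = int(fields["status"])
            fields["body_bytes_sent"] = int(fields["body_bytes_sent"])
            # Lines in the old layout carry no vhost; make that explicit.
            fields.setdefault("vhost", None)
            return fields
    return None


if __name__ == "__main__":
    # The old pattern no longer matches the new line, so no fields come out of it.
    print("old pattern on new line:", COMBINED.match(NEW_LINE))
    for sample in (OLD_LINE, NEW_LINE):
        parsed = parse(sample)
        print(parsed["layout"], parsed["vhost"], parsed["status"])
```

Note that `$host` is taken from the request (request line or `Host` header) before falling back to the server name, so the extracted value is client-supplied input and should be handled as untrusted when it is indexed or displayed.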