Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
I can’t easily graph IP addressess in my nginx and apache logs because filebeat doesn’t parse any of the message content. I want to direct some logs into different streams so I can create fields to filter/graph on but not sure what the correct way is to do it.
2. Describe your environment:
Linux Ubuntu 18.04
Service logs, configurations, and environment variables:
I have filebeat installed on all my hosts which send logs to the Beats local input “Filebeats” on my graylog host. All these messages are in the All Messages stream
3. What steps have you already taken to try and solve the problem?
Read up on Pipelines, Extractors, Inputs, Stages and Rules. Some posts I ran across said not to go with Pipelines due to deprecation. This is how I set up my rules many years ago but not sure what is the correct way now.
4. How can the community help?
Where should I look to find updated information to organize my logs so i can easily graph or search IP addresses or Apache request content.The regex pipeline rules were super hard to debug so wondering if this process has gotten easier or do I need to go the marketplace instead and download an Apache Extractor and create an input somehow?
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]