From c2063ef4d7c2a7208a873d3a871d04011d0c5476 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Tue, 7 Jun 2022 00:45:18 +0200
Subject: [PATCH] add docker tokenizer to extract http header from nginx
---
 filebeat-docker.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/filebeat-docker.yml b/filebeat-docker.yml
index d924987..91bf0a5 100644
--- a/filebeat-docker.yml
+++ b/filebeat-docker.yml
@@ -21,7 +21,8 @@ processors:
 host: "unix:///var/run/docker.sock"
 - add_host_metadata: ~
 - dissect:
- tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} %{nginx.geoip.lat|double} %{nginx.geoip.lon|double}'
+ tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} %{nginx.geoip.lat|double} %{nginx.geoip.lon|double} req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
+ trim_values: all
 target_prefix: ""
 field: "message"
 when:
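Review bot: The two captures appended to the added `tokenizer` line, `%{nginx.header.req}` and `%{nginx.header.resp}`, put whole header sets into every shipped event, and nothing visible in this hunk filters them. The nginx `log_format` that produces `req_header:`/`resp_header:` is not part of this patch, but if it emits headers unfiltered these fields will carry `Authorization`, `Cookie` and `Set-Cookie` values, so anyone with read access to the log index gets replayable credentials. Prefer logging an allow-list of named headers on the nginx side, or redact those values before the event leaves Filebeat, and record the decision next to the tokenizer, e.g. `# header.req/resp must not contain Authorization, Cookie or Set-Cookie; redacted in nginx log_format`. The request header value is also client-controlled, so a line whose quoting does not match the pattern will fail dissect and be shipped unparsed; the `when:` condition continues outside the hunk, so I cannot tell how that case is handled.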