elastic · webmat · Nov 27, 2018 · Nov 14, 2018 · Nov 14, 2018 · Nov 14, 2018
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -129,6 +129,7 @@ https://github.com/elastic/beats/compare/v6.5.0...v7.0.0-alpha1[View commits]
 - Rename many `iis.access.*` fields to map to ECS. {pull}9084[9084]
 - IIS module's user agent string is no longer encoded (`+` replaced with spaces). {pull}9084[9084]
 - Rename many `haproxy.*` fields to map to ECS. {pull}9117[9117]
+- Rename many `nginx.access.*` fields to map to ECS. {pull}9081[9081]
 
 *Metricbeat*
 

diff --git a/dev-tools/ecs-migration.yml b/dev-tools/ecs-migration.yml
@@ -252,3 +252,80 @@
   to: source.geo.region_iso_code
   alias: true
   copy_to: false
+
+- from: nginx.access.remote_ip_list
+  to: network.forwarded_ip
+  alias: true
+  copy_to: false
+
+- from: nginx.access.user_name
+  to: user.name
+  alias: true
+  copy_to: false
+
+- from: nginx.access.url
+  to: url.original
+  alias: true
+  copy_to: false
+
+- from: nginx.access.agent
+  to: user_agent.original
+  alias: true
+  copy_to: false
+
+ # Note: `http` is not officially in ECS yet
+
+- from: nginx.access.response_code
+  to: http.response.status_code
+  alias: true
+  copy_to: false
+
+- from: nginx.access.referrer
+  to: http.request.referrer
+  alias: true
+  copy_to: false
+
+- from: nginx.access.method
+  to: http.request.method
+  alias: true
+  copy_to: false
+
+- from: nginx.access.http_version
+  to: http.version
+  alias: true
+  copy_to: false
+
+- from: nginx.access.geoip.continent_name
+  to: source.geo.continent_name
+  alias: true
+  copy_to: false
+
+- from: nginx.access.geoip.country_iso_code
+  to: source.geo.country_iso_code
+  alias: true
+  copy_to: false
+
+- from: nginx.access.geoip.location
+  to: source.geo.location
+  alias: true
+  copy_to: false
+
+- from: nginx.access.geoip.region_name
+  to: source.geo.region_name
+  alias: true
+  copy_to: false
+
+- from: nginx.access.geoip.city_name
+  to: source.geo.city_name
+  alias: true
+  copy_to: false
+
+- from: nginx.access.geoip.region_iso_code
+  to: source.geo.region_iso_code
+  alias: true
+  copy_to: false
+
+- from: nginx.access.agent
+  to: user_agent.original
+  alias: true
+  copy_to: false
diff --git a/filebeat/_meta/fields.common.yml b/filebeat/_meta/fields.common.yml
@@ -108,6 +108,13 @@
         Referrer for this HTTP request.
       example: https://blog.example.com/
 
+  # Temporary fixes until ECS is reimported
+    - name: url.original
+      type: keyword
+      description: >
+        Full original url. The field is stored as keyword.
+      example: https://blog.example.com/
+
   # Temporary fix to get 7.0 dashboards working
     - name: fileset.name
       type: alias