After all I solved this by myself
Providing the solution if somebody will need this
I enabled debug logging in telegraf with --debug flag and saw the messages that grok can’t find pattern matches in logs. The reason was that there was no IP address of client, because of using $http_x_real_ip instead of the $remote_addr. Previously in Docker Compose it worked because this Nginx instance was behind another proxy, which was passing X-Real-IP header.
Also, to get real IP of client instead of Docker Swarm LB IP, I configured port forwarding in stack file like this.
ports:
- mode: host
target: 80
published: 80
- mode: host
target: 443
published: 443
I wish it will help somebody!
