It appears that the filter.d/miab-munin.conf doesn't catch all failed login attempts to https://box.domain.tld/admin/munin because it only looks for HTTP/1.1 which leaves out HTTP/2.0.

I updated the filter as follow, so it will catch both 1.1 and 2.0 (the same way it is used in: filter.d/nginx-http-auth.conf) and it works perfectly:

failregex=<HOST> - .*GET /admin/munin/.* HTTP/\d+\.\d+" 401.*

I'll open a PR just in case.