I have a limited number of index names that I can use for each namespace.
How can I do this using Kubernetes metadata?
I configured filebeat as below, but red elastic index is not created:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: kube-logging
  labels:
    k8s-app: filebeat
    kubernetes.io/cluster-service: "true"
data:
  filebeat.yml: |-
    filebeat.autodiscover:
      providers:
        - type: kubernetes
          host: ${HOSTNAME}
          hints.enabled: true
          labels.dedot: true
          annotations.dedot: true
          templates:
            - condition:
                equals:
                  kubernetes.namespace: test-log #Set the namespace in which your
                equals:
                  kubernetes.namespace: test2 -log #Set the namespace in which your
                  # app is running, can add multiple conditions in case of more than 1 namespace.
              config:
                - type: container
                  paths:
                    - /var/log/pods/*_${data.kubernetes.pod.uid}/${data.kubernetes.container.name}/*.log
    processors:
      - add_host_metadata:
      - add_kubernetes_metadata:
          in_cluster: true
    output.elasticsearch:
      hosts: ['${ELASTICSEARCH_HOST:"quickstart-es-http.technical-bigdata-elk-d.svc.cluster.local"}:${ELASTICSEARCH_PORT:"9200"}']
      username: elastic
      password: 1K4Q8ituD2k650PzzyES083q
      protocol: "https"
      ssl.verification_mode: "none"
      index: "1w-sre-%{[kubernetes.pod.labels.app]}"
    setup.template:
      enabled: false
```
I also used the label kubernetes.pod.labels.app.kubernetes.io/owner, but it didn't help.
Also, to solve the index problem, I used the following configuration, but instead of using the label, it used the name of the filebeat service to create the index.
```yaml
indices:
  - index: "1w-sre-%{[kubernetes.pod.labels.app]}"
    when.contains:
      namespace: "test-log"
```
Does anyone have any ideas to solve this problem?
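
An added example, not part of the original post and not the poster's working configuration: one way the `filebeat.yml` body above could be written so that the namespace conditions parse as intended, the index name is built from the pod's `app` label, and the Elasticsearch connection does not carry a literal password or skip certificate verification. It assumes Filebeat 7.x, that the second namespace is `test2-log`, and that the environment variable names and CA mount path shown are placeholders for your own.

```yaml
# Added example. Names marked "assumed" are placeholders, not values from the post.
filebeat.autodiscover:
  providers:
    - type: kubernetes
      host: ${HOSTNAME}
      hints.enabled: true
      labels.dedot: true
      annotations.dedot: true
      templates:
        - condition:
            # A YAML mapping cannot repeat the key "equals"; combine namespaces with "or".
            or:
              - equals:
                  kubernetes.namespace: test-log
              - equals:
                  kubernetes.namespace: test2-log   # assumed spelling of the second namespace
          config:
            - type: container
              paths:
                - /var/log/pods/*_${data.kubernetes.pod.uid}/${data.kubernetes.container.name}/*.log

processors:
  - add_host_metadata: ~
  - add_kubernetes_metadata:
      in_cluster: true

# In Filebeat 7.x the output "index" setting is ignored while ILM is enabled.
setup.ilm.enabled: false
setup.template.enabled: false

output.elasticsearch:
  hosts: ['${ELASTICSEARCH_HOST:"quickstart-es-http.technical-bigdata-elk-d.svc.cluster.local"}:${ELASTICSEARCH_PORT:"9200"}']
  protocol: "https"
  # Credentials come from the environment (for example a Kubernetes Secret), not the ConfigMap.
  username: ${ELASTICSEARCH_USERNAME}   # assumed variable name
  password: ${ELASTICSEARCH_PASSWORD}   # assumed variable name
  # Verify the server certificate instead of disabling verification.
  ssl.verification_mode: "full"
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]   # assumed mount path
  # Fallback for events that carry no "app" label.
  index: "1w-sre-unlabelled"
  indices:
    # Pod labels are published under kubernetes.labels.*, not kubernetes.pod.labels.*.
    # With labels.dedot enabled, dots in a label name become underscores.
    - index: "1w-sre-%{[kubernetes.labels.app]}"
      when.has_fields: ['kubernetes.labels.app']
```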