Hello!
We have installed auditbeat v.7.2 as daemonset on our kubernetes cluster and enabled kubernetes metadata as instructed here:
https://www.elastic.co/guide/en/beats/auditbeat/6.7/add-kubernetes-metadata.html
And the current configuration is:
processors:
- add_kubernetes_metadata:
in_cluster: true
- add_cloud_metadata: null
Though auditbeat correctly sends cloud_metadata to elastic, it doesn't work quite well with kubernetes metadata: it just doesn't send it at all despite the fact that module seems to be enabled in the configuration.
There are no warnings or errors in the debug logfile, and we can see that the module is getting successfully loaded:
2019-07-25T08:14:06.003Z DEBUG [processors] processors/processor.go:93 Generated new processors: add_kubernetes_metadata, add_cloud_metadata
Can anyone help with this? Were there any bugs related to kubernetes introduced in recent auditbeat versions?
Thank you.