Autodiscover - docker - catch all others

setiseta · April 12, 2018, 8:00pm

Hello,

I want to setup autodiscover of type docker, do some special configs for some images and at the end I want to catch all other containers to log as is.
But i haven't found how to configure the 'catch all others'.
Can someone give me some hints?

i just found the condition - not - contains / equals - docker.container.image
is this the only way?

when i do a condition - regex - '.*' at the end, i get double configured prospectors & logs
maybe it would be nice to only configure one prospector on autodisover and don't go to other condition if a match is found?

thank you for help.

andrewkroh · April 13, 2018, 3:18pm

Please share the autodiscover config that you are using. It sounds like you are doing it correctly by implementing your "catch all" as the negation of your other condition.

setiseta · April 13, 2018, 6:27pm

Yes for now it works, cause i only have one special configuration.

filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            contains:
              docker.container.image: tomcat
          config:
            - type: docker
              containers.ids:
                - "${data.docker.container.id}"
              multiline.pattern: '^([0-9]{4}-[0-9]{2}-[0-9]{2}|(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d\d)'
              multiline.negate: true
              multiline.match: after
              fields:
                autodiscover: 'image-tomcat'
              pipeline: tomcat_level
        - condition:
            not:
              contains:
                docker.container.image: tomcat
          config:
            - type: docker
              containers.ids:
                - "${data.docker.container.id}"
              fields:
                autodiscover: 'default'

but if i add some more container / image specific config it can get confusing fast. or am i wrong?
so i thought it would be nicier if it stops on first condition match, cause you never want to mach more than one.
or are there cases where more than one match is needed in the autodiscover pipe?

andrewkroh · April 13, 2018, 6:44pm

The person who has probably spent the most time thinking about auto-discover config is @exekias.

@exekias, is there a better way to handle this "catch all" case?

exekias · April 13, 2018, 8:16pm

Hi,

I'm afraid we don't have one yet, this is the open issue to implement this: https://github.com/elastic/beats/issues/6084

Best regards

setiseta · April 14, 2018, 10:00am

Thank you for the information.
Nice to hear this is already addressed.

system · May 12, 2018, 10:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple conditions with autodiscover & docker containers Beats filebeat	3	7398	November 22, 2018
Cannot get Autodiscover conditions to work Beats docker , filebeat	1	20	September 27, 2024
Is there support for selecting containers other than by container id? Beats docker , filebeat	4	3855	April 5, 2019
AutoDiscover - can't ship docker container logs by image name Beats filebeat	8	2017	January 25, 2018
Filebeat autodiscover for docker does not work on /var/lib/docker/containers Beats filebeat	8	3127	January 15, 2019

Autodiscover - docker - catch all others

Related topics