I am working with a Kubernetes cluster and trying to get autodiscover (Filebeat 6.2.2) to work. Sadly, it doesn't parse nginx logs even though the field docker.container.image exists and contains the string "nginx". Am I doing something wrong here?
filebeat.autodiscover:
  providers:
    - type: kubernetes
      templates:
        - condition.contains:
            docker.container.image: nginx
          config:
            - module: nginx
              access:
                prospector:
                  type: docker
                  containers.ids:
                    - ${data.docker.container.id}
              error:
                prospector:
                  type: docker
                  containers.ids:
                    - ${data.docker.container.id}
Since there are not that many modules for different programs, I will try to go the Logstash way and parse all the logs with Logstash. Is there a reason against Logstash for parsing the logs of all containers?