Hi,
I am trying to set filebeat with autodiscover based on labels present in the pod.
Below is my config
``yaml
logging.level: debug
logging.selectors: ["autodiscover", "kubernetes", "container"]
filebeat.autodiscover:
providers:
- type: kubernetes
node: ${NODE_NAME}
templates:
- condition:
equals:
kubernetes.labels.elastic-logs-enabled: "true"
config:
- type: container
id: container-logs-${data.kubernetes.container.id}
prospector.scanner.symlinks: true
parsers:
- container: ~
- ndjson:
target: ""
add_error_key: true
message_key: "message"
paths:
- /var/log/containers/*-${data.kubernetes.container.id}.log
output.elasticsearch:
hosts: '["https://${ELASTICSEARCH_HOSTS}"]'
username: '${ELASTICSEARCH_USERNAME}'
password: '${ELASTICSEARCH_PASSWORD}'
protocol: https
It seems no logs are being sent to my elasticsearch cluster…
When I open the filebeat logs I keep seeing these kind of logs:
"message":"Got a start event."
"message":"Got a stop event
What am I doing wrong here?