Collecting logfiles of Docker containers with filebeat running as Docker container

MartinAhrer · March 21, 2017, 9:02am

The compose-file is building the filebeat image as follows:

FROM docker.elastic.co/beats/filebeat:5.2.2
COPY /usr/share/filebeat/filebeat.yml /usr/share/filebeat/filebeat.yml

And the filebeat configuration is:

filebeat.prospectors:
- input_type: log
  paths:
    - /hostfs/var/lib/docker/containers/*/*.log
  document_type: docker
  json.message_key: log

output.logstash:
  hosts: ["logstash:5044"]

The container I believe is running as 'filebeat` as in https://github.com/elastic/beats-docker/blob/master/templates/Dockerfile.j2.
That's exactly what my question was about. Should I build my own filebeat image fixing the permissions thing?
Maybe the UID and GID used in the Dockerfile should be build configurable?

Topic		Replies	Views
ELK no read logs from docker containers Beats filebeat	2	440	June 25, 2019
Filebeat docker image Beats filebeat	5	1100	December 11, 2017
Filebeat Docker Container can't read host log files due to permissions Beats filebeat	5	8053	January 9, 2018
Filebeat in docker doesn't send logs to logstash in another docker Beats filebeat	6	2785	July 19, 2018
Filebeat fails to send docker container logs to Logstash Beats filebeat	4	3635	July 4, 2018

Collecting logfiles of Docker containers with filebeat running as Docker container

Related topics