Container logs are not injesting properly to elastic fleet agents

krishnaabylle · December 19, 2022, 10:49am

HI,
As we rolled out our elastic agents in new clusters through fleets, all logs are coming to Metrics-* and Logs-* from Kubernetes containers. As per documentation all the logs should come to Logs-* and Metrics-*.
We have each fleet agent policy per environment .
if we edit collect Kubernetes container logs and go to advanced options the ingestion path was showing as logs-kubernetes.container_logs-1.17.2. This means all the data is coming to logs.
But when we go to data streams It is sending data to Metrics.
Our main concern here is we are not seeing the actual logs coming. We need to know why its showing for metrics and not for logs when we see in data streams.
and also need to know where the actual logs we are getting.

Deployment id is slzelasticdev - Deployment ID (e116e73) (running with v8.5.2)

Thanks ,
Krishna B

system · January 16, 2023, 10:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Julia_Bardi · February 13, 2023, 4:08pm

Hello!

It could be that the integration is not configured correctly or the agent can't access the log files.
The data streams are only created when the first logs are ingested.
You should look at the Agent logs to see if there are any errors.

You may open a support case to get help on your specific issue: