Dynamic pipeline selection with Kubernetes Autodiscover hints

spiffytech · November 19, 2018, 9:28pm

I'm using Filebeat in Kubernetes with Autodiscover turned on. How can I route a specific container's logs to a specific ElasticSearch ingest pipeline, so that I can process the logs with the appropriate format grok pattern?

pierhugues · November 20, 2018, 1:45pm

Hello @spiffytech

You could route events with specific labels to specific indices/pipeline.

output.elasticsearch:
  hosts: ["http://xxxxxxx:9200"]
  index: "filebeat-%{[beat.version]}-%{+yyyy.MM}"
  indices:
  - index: "filebeat--%{[beat.version]}-%{+yyyy.MM}"
    pipeline: pihole-logging
    when.is:
      myfield: "myfieldvalue"

See https://www.elastic.co/guide/en/beats/filebeat/6.5/elasticsearch-output.html#indices-option-es for more details.

system · December 18, 2018, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send k8s logs with Filebeat to separate indices Beats filebeat	2	2071	October 30, 2020
K8s filebeat Beats filebeat	2	267	July 24, 2018
Filebeat to elasticsearch's ingest node in Kubernetes Elasticsearch	1	577	December 31, 2018
Filebeat Not Shipping Container logs from Kubernetes Beats docker , filebeat	10	501	April 10, 2024
Configuration to process certain logs with pipeline using Autodiscover Beats filebeat	2	368	June 26, 2021

Dynamic pipeline selection with Kubernetes Autodiscover hints

Related topics