Dynamic pipeline selection with Kubernetes Autodiscover hints

spiffytech · November 19, 2018, 9:28pm

I'm using Filebeat in Kubernetes with Autodiscover turned on. How can I route a specific container's logs to a specific ElasticSearch ingest pipeline, so that I can process the logs with the appropriate format grok pattern?

pierhugues · November 20, 2018, 1:45pm

Hello @spiffytech

You could route events with specific labels to specific indices/pipeline.

output.elasticsearch:
  hosts: ["http://xxxxxxx:9200"]
  index: "filebeat-%{[beat.version]}-%{+yyyy.MM}"
  indices:
  - index: "filebeat--%{[beat.version]}-%{+yyyy.MM}"
    pipeline: pihole-logging
    when.is:
      myfield: "myfieldvalue"

See https://www.elastic.co/guide/en/beats/filebeat/6.5/elasticsearch-output.html#indices-option-es for more details.

system · December 18, 2018, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
K8s filebeat Beats filebeat	2	267	July 24, 2018
Filebeat to elasticsearch's ingest node in Kubernetes Elasticsearch	1	578	December 31, 2018
Send k8s logs with Filebeat to separate indices Beats filebeat	2	2076	October 30, 2020
Filebeat on Kubernetes setup pipelines Beats filebeat	1	355	July 3, 2019
Configuration to process certain logs with pipeline using Autodiscover Beats filebeat	2	370	June 26, 2021

Dynamic pipeline selection with Kubernetes Autodiscover hints

Related topics