Hello!
I am trying to setup Elastic Agent to monitor Kubernetes cluster (Azure).
I have successfully installed and configured agents using this guide (had to change image version to 8.1.1 as 8.1.2 does not exist)
But ther is a problem, thousands of errors flrom filebeat "Error extracting container id - source value does not contain matcher's logs_path '/var/lib/docker/containers/'." at add_kubernetes_metadata/matchers.go.
I guess it's related to this issue and default docker metadata enabled by default.
I ssh-ed to running agent and indeed found this processors enabled in filebeat:
In my case at /usr/share/elastic-agent/data/elastic-agent-7f30bb/install/filebeat-8.1.1-linux-x86_64/filebeat.yml
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
As I understand, AKS runs containerd, so /var/lib/docker/containers/ is empty, hence the error.
Is there any way to disable those default processors and avoid errors spam?
Thank you!