ELK no read logs from docker containers

angie · May 24, 2019, 10:13am

hello,

Filebeat is not reading docker logs, of course, because of permission:
Exiting: error initializing publisher: error initializing processors: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Could you please tell me what command should I add?

docker-compose.yml
filebeat:
image: docker.elastic.co/beats/filebeat:6.6.0
volumes:
- ./conf/filebeat.yml:/usr/share/filebeat/filebeat.yml
- /var/lib/docker/containers:/var/lib/docker/containers:ro
depends_on:
- elasticsearch

filebeat.yml

filebeat.inputs:
- type: docker
  containers.ids: '*'
  json.message_key: message
  json.keys_under_root: true
  json.add_error_key: true
  json.overwrite_keys: true

processors:
- add_docker_metadata: ~

# setup filebeat to send output to logstash
output.logstash:
  hosts: ["localhost:5044"]

I look forward to hearing from you.

faec · May 28, 2019, 7:18pm

This looks like possibly a problem in the docker environment rather than the filebeat configuration. Is the Docker daemon running, and if so what do you see in /var/run/docker.sock?

system · June 25, 2019, 7:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot connect logstash in filebeat in my Spring Boot ELK Logstash docker	1	911	May 15, 2022
Filebeat daemon Beats docker , filebeat	5	442	May 5, 2022
Filebeat not collecting docker logs Beats filebeat	5	4581	January 17, 2020
Filebeat Container Cannot Connect to Docker Daemon Beats filebeat	3	1753	October 15, 2020
Filebeat not reading log files Beats filebeat	4	3088	April 24, 2020

ELK no read logs from docker containers

Related Topics