Error extracting container ID when using Fleet-managed Docker integration

DougR · December 21, 2022, 7:29pm

I am attempting to monitor docker container logs and metrics using the Fleet-managed Docker integration with Elastic Agent. The metrics are ingesting as expected, however logs are not being ingested as expected. I've validated that container logs are where the integration expects them to be (/var/lib/docker/containers/${docker.container.id}/*-json.log).

When I set the log level to debug for the Elastic Agent, I see the following in the agent logs:

12:47:01.468
elastic_agent.filebeat
[elastic_agent.filebeat][debug] Error while extracting container ID from source path: index is out of range for field 'log.file.path'

The inputs section of the policy being generated by Fleet is:

inputs:
  - id: docker/metrics-docker-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
    name: docker
    revision: 9
    type: docker/metrics
    use_output: default
    meta:
      package:
        name: docker
        version: 2.3.0
    data_stream:
      namespace: default
    package_policy_id: 89b8c9ff-d930-407e-97ce-d2dc253b5fe6
    streams:
      - id: docker/metrics-docker.container-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.container
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - container
        labels.dedot: true
      - id: docker/metrics-docker.cpu-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.cpu
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - cpu
        labels.dedot: true
      - id: docker/metrics-docker.diskio-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.diskio
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - diskio
        labels.dedot: true
        skip_major:
          - 9
          - 253
      - id: docker/metrics-docker.event-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.event
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - event
        labels.dedot: true
      - id: docker/metrics-docker.healthcheck-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.healthcheck
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - healthcheck
        labels.dedot: true
      - id: docker/metrics-docker.info-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.info
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - info
      - id: docker/metrics-docker.memory-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.memory
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - memory
        labels.dedot: true
      - id: docker/metrics-docker.network-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
        data_stream:
          dataset: docker.network
          type: metrics
        period: 10s
        hosts:
          - 'unix:///var/run/docker.sock'
        metricsets:
          - network
        labels.dedot: true
  - id: filestream-docker-89b8c9ff-d930-407e-97ce-d2dc253b5fe6
    name: docker
    revision: 9
    type: filestream
    use_output: default
    meta:
      package:
        name: docker
        version: 2.3.0
    data_stream:
      namespace: default
    package_policy_id: 89b8c9ff-d930-407e-97ce-d2dc253b5fe6
    streams:
      - id: 'docker-container-logs-${docker.container.name}-${docker.container.id}'
        data_stream:
          dataset: docker.container_logs
          type: logs
        paths:
          - '/var/lib/docker/containers/${docker.container.id}/*-json.log'
        parsers:
          - container:
              stream: all
              format: docker
        processors: null

Edit

Using Elastic Cloud 8.5.3/Elastic Agent 8.5.2/Docker integration 2.3.0

DougR · December 22, 2022, 3:37pm

In doing some research, I found Issue #27216 for the Kubernetes integration. Based on this, I added the following to my Docker integration processors:

- add_docker_metadata:
    match_source_index: 4

This resolved the issue.

I will submit a issue for this.

system · January 19, 2023, 3:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kubernete integration with Fleet Elastic Cloud on Kubernetes (ECK) docker , fleet , elastic-agent	2	383	August 4, 2022
[Filebeat] Windows: add_docker_metadata cannot extract Container ID Beats	1	756	November 21, 2018
Elastic Agent Configured By Fleet - Integrations Using MetricBeat - this action is granted by the index privileges error Beats docker , metricbeat	1	244	October 14, 2022
Add_docker_metadata failing to get container id if logs are in different path Beats filebeat	6	2300	September 7, 2018
Elastic Docker Integration - not collecting logs Elastic Agent	5	982	April 3, 2023

Error extracting container ID when using Fleet-managed Docker integration

Edit

Related topics