On a Windows 10 OS, I have a series of Docker containers running Java applications. Each container internally logs to:
/usr/app/logs/some_log_file_name.log
A sample log entry would look like:
{"timestamp":"2019-04-02T21:28:16.786Z","level":"INFO","machineName":"api-query","appVersion":"${env:LOGGER_APP_VERSION}","appName":"${env:LOGGER_APP_NAME}","logger":"com.lw.spring.api.common.services.CacheService","message":"Region added: permission-cache","thread":"main"}
I wish to be able to visualize those logs in Kibana, but haven't been able to get the right configuration going. I'm using Filebeat 6.6.2.
Here's what I have now in my filebeat.yml file:
filebeat.autodiscover:
  providers:
    - type: docker
      host: "tcp://127.0.0.1:2375"
      templates:
        - condition:
            contains:
              docker.container.image: docker-repo
          config:
            - type: docker
              containers:
                ids:
                  - "${data.docker.container.id}"
filebeat.inputs:
  - type: docker
    enabled: true
    containers:
      ids:
        - "*"
processors:
  - add_docker_metadata:
When I start the service, there are no ERROR logs in the Filebeat log file. Aside from not getting any logs in Kibana, I also notice in the logs:
- Log entry:
2019-04-03T15:00:05.486-0400 DEBUG [bus] bus/bus.go:72 filebeat: map[start:true host:172.17.0.2 port:6379 docker:{"container":{"id":"d74054963f2e757e66285725e4e5a8e9ebe65f40a32d72dbd0c0b2e25922f593","image":"redis"
Why would it be picking up the "redis" image when I specified the image should contain "docker-repo"?
- Log entry:
2019-04-03T15:00:05.487-0400 INFO log/input.go:138 Configured paths: [C:\var\lib\docker\containers\d1837b011439a0463b5727ea71317a4e2e674c950321f30acb5511cd305a075c*.log]
What is the meaning of these kinds of paths? Are these supposed to be paths on the Windows host or inside the Docker containers?
Appreciate any help I can get,
Bruno