I am trying to get logs from specific container in a kubernetes cluster using filebeat auto discover feature. But the condition is not working. IS there a way to apply the filter condition?
filebeat.autodiscover:
providers:
- type: kubernetes
node: ${NODE_NAME}
hints.enabled: true
hints.default_config:
type: container
paths:
- /var/log/containers/*${data.kubernetes.container.id}.log
templates:
- condition:
equals:
kubernetes.container.image: "elasticsearch"
filebeat.modules:
- module: elasticsearch
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.elasticsearch:
hosts: xxxx
username: 'xxxx'
password: 'xxxxx'
protocol: https
ssl.verification_mode: certificate
ssl.certificate_authorities: ["xxx"]
ssl.certificate: "xxxx"
ssl.key: "xxxx"
However I am still getting logs from all containers. How can i make the template condition work? I tried with other fields like kubernetes.container.name , kubernetes.labels.release etc and nothing is working.