Filebeat Container Cannot Connect to Docker Daemon

Elastic Stack Beats
1

I'm attempting to configure Filebeat to monitor some log files on one of our machines. I've created a compose file that looks like the following:

version: '2.2'
services:
  filebeat:
  image: docker.elastic.co/beats/filebeat:7.9.1
  container_name: filebeat
  restart: always
  environment:
    - bootstrap.memory_lock=true
    - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  ulimits:
    memlock:
      soft: -1
      hard: -1
  volumes:
    - data01:/usr/share/filebeat/data
    - /usr/share/docker/mnt/filebeat/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml
  networks:
     - elastic
volumes:
  data01:
    driver: local
networks:
  elastic:
    driver: bridge

My filebeat.yml file is mapped to the file filebeat.docker.yml on the host machine, which contains:

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true

processors:
- add_cloud_metadata: ~

output.elasticsearch:
    hosts: '{MY_ES_SERVER}:9200'

setup.kibana:
   host: '{MY_KIBANA_SERVER}:5601'

When I try to bring the container up, I get the following error at the end of the log:

filebeat | 2020-09-16T17:48:11.881Z INFO [monitoring] log/log.go:131 Stopping metrics logging.
filebeat | 2020-09-16T17:48:11.881Z INFO instance/beat.go:456 filebeat stopped.
filebeat | 2020-09-16T17:48:11.881Z ERROR instance/beat.go:951 Exiting: error in autodiscover provider settings: error setting up docker autodiscover provider: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
filebeat | Exiting: error in autodiscover provider settings: error setting up docker autodiscover provider: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
filebeat exited with code 1

I have verified that the docker daemon is running:

● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2020-09-16 13:37:07 EDT; 1h 2min ago
Docs: https://docs.docker.com
Main PID: 4134 (dockerd)
Tasks: 12
Memory: 46.0M

I've verified that Docker itself can communicate with the daemon:

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 1
 Server Version: 19.03.12
...

I've verified that docker.sock is accessible to the docker group:

srw-rw----  1 root           docker            0 Sep 16 13:37 docker.sock

At this point I'm unsure what else to try. Can anyone please assist me with resolving this issue? I've searched Google, Stack Overflow, and these boards and I cannot seem to find a solution.

Thanks!

2

Does the user running filebeat belong to the docker group?

3

Yes, I made sure to add my user to the docker group. I also tried running the command as sudo and got the same result.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.