Hi,
I want filebeat to get all logs from containers and push them to elastic
When I spin up my compose it starts but does nothing. The container logs from filebeat are compleatly empty.
I know that it reads the filebeat.yml because if I put wrong permissions it complains about it but if I set the owner of the file to root it is compleatly silent
my service in compose.yml
filebeat:
image: docker.elastic.co/beats/filebeat:8.15.1
container_name: filebeat
user: root
volumes:
- ./elk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/log:/var/log:ro
- /var/lib/docker:/var/lib/docker:ro
depends_on:
- elasticsearch
- logstash
restart: unless-stopped
environment:
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-password}
my filebeat.yml
filebeat.inputs:
- type: container
paths:
- '/var/lib/docker/containers/*/*.log'
processors:
- add_docker_metadata:
host: "unix:///var/run/docker.sock"
output.elasticsearch:
hosts: elasticsearch:9200
indices:
- index: "docker-logs"