FileBeat disabling hints.default.default_config

Joaquin_menchaca · March 29, 2021, 12:18am

I don't understand why this doesn't work, any insight appreciated. When I enable hints.default_config, I do not get anything show up in Kibana. I was following these docs for auto-discovery.

My filebeats.yml config is:

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
filebeat.modules:
  - module: elasticsearch
  - module: kibana
filebeat.autodiscover:
  providers:
    - type: docker
      hints:
         enabled: true
         default_config:
           enabled: true
           type: container
           paths:
              - "/var/lib/docker/containers/${data.docker.container.id}/*.log"
processors:
- add_cloud_metadata: ~
- add_docker_metadata:
    host: unix:///var/run/docker.sock
output.elasticsearch:
  hosts: ["http://elasticsearch:9200"]
setup.kibana:
  host: http://kibana:5601
setup.dashboards.enabled: true

I am trying to get logs from two containers that send out golang glog format. This what I am using for docker-compose.yml:

version: "3.5"
services:
  zero:
    image: dgraph/dgraph:${DGRAPH_VERSION}
    container_name: zero
    command: dgraph zero --my=zero:5080 --replicas 1 --idx 1
    labels:
      co.elastic.logs/enabled: true

  alpha:
    image: dgraph/dgraph:${DGRAPH_VERSION}
    container_name: alpha
    command: dgraph alpha --my=alpha:7080 --zero=zero:5080
    labels:
      co.elastic.logs/enabled: true
    ports:
      - 8080:8080
      - 9080:9080

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
    container_name: elasticsearch
    labels:
      co.elastic.logs/module: elasticsearch
    environment:
      discovery.type: single-node
      bootstrap.memory_lock: "true"
      ES_JAVA_OPTS: "-Xms750m -Xmx750m"
    ports:
      - 9200:9200

  kibana:
    image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
    container_name: kibana
    labels:
      co.elastic.logs/module: kibana
    depends_on:
      - elasticsearch
    ports:
      - 5601:5601

  filebeat:
    image: docker.elastic.co/beats/filebeat:${ELASTIC_VERSION}
    container_name: filebeat
    command: filebeat -e -strict.perms=false
    privileged: true 
    user: root
    volumes:
      - ./config/filebeat.yml:/usr/share/filebeat/filebeat.yml
      - /var/lib/docker/containers:/var/lib/docker/containers
      - /var/run/docker.sock:/var/run/docker.sock

When I change default_config.enabled to false, everything suddenly works.

filebeat.autodiscover:
  providers:
    - type: docker
      hints:
         enabled: true
         default_config:
           enabled: false

And the default environment variables (.env) are:

ELASTIC_VERSION=7.12.0
DGRAPH_VERSION=v20.11.2

I would have to create traffic so that more long information comes from the alpha and zero containers, and search for container.name :"alpha" or container.name:"zero" in Kibana. When I have default_config.enabled != true, then I get @timestamp errors in Kibana and no data. Why? What is happening?

jsoriano · March 30, 2021, 2:09pm

Hi @Joaquin_menchaca,

On the first test, with hints.default_config.enabled: true are you also using the co.elastic.logs/enabled label in the containers?

Are your log files in the configured path? /var/lib/docker/containers/${data.docker.container.id}/*.log?

What kind of errors?

system · April 27, 2021, 4:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.