Filebeat docker image

Vivek_Samaga · November 9, 2017, 11:34am

Am trying to dockerize filebeat with
https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html#_custom_image_configuration
Using the Dockerfile am building the image and starting the filebeat container with below config

filebeat.prospectors:
- input_type: log
paths:
- /var/lib/docker/containers/8342306d5cc4d80b9bc0876ed0f70c74108f0d66677324f69483182fac761f93/*.log
fields:
document_type: docker

and running the image using the command
docker run -d containerID

am able to start the container but its not sending anything to logstash below are the logs of filebeat container

    2017/11/09 11:25:***.725613 beat.go:297: INFO Home path: [/usr/share/filebeat] Config path: [/usr/share/filebeat] Data path: [/usr/share/filebeat/data] Logs path: [/usr/share/filebeat/logs]
2017/11/09 11:25:***.725656 beat.go:192: INFO Setup Beat: filebeat; Version: 5.6.3
2017/11/09 11:25:***.725732 logstash.go:90: INFO Max Retries set to: 3
2017/11/09 11:25:***.725829 outputs.go:***8: INFO Activated logstash as output plugin.
2017/11/09 11:25:***.725930 publish.go:300: INFO Publisher name: 6aaa***bd46cd
2017/11/09 11:25:***.726148 async.go:63: INFO Flush Interval set to: 1s
2017/11/09 11:25:***.726165 async.go:64: INFO Max Bulk Size set to: 2048
2017/11/09 11:25:***.726188 metrics.go:23: INFO Metrics logging every 30s
2017/11/09 11:25:***.726516 beat.go:233: INFO filebeat start running.
2017/11/09 11:25:***.726581 registrar.go:68: INFO No registry file found under: /usr/share/filebeat/data/registry. Creating a new registry file.
2017/11/09 11:25:***.734881 registrar.go:***6: INFO Loading registrar data from /usr/share/filebeat/data/registry
2017/11/09 11:25:***.734974 registrar.go:123: INFO States Loaded from registrar: 0
2017/11/09 11:25:***.735046 crawler.go:38: INFO Loading Prospectors: 1
2017/11/09 11:25:***.735085 registrar.go:236: INFO Starting Registrar
2017/11/09 11:25:***.735112 sync.go:41: INFO Start sending events to output
2017/11/09 11:25:***.735206 prospector_log.go:65: INFO Prospector with previous states loaded: 0
2017/11/09 11:25:***.735294 spooler.go:63: INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2017/11/09 11:25:***.735305 config.go:95: WARN DEPRECATED: document_type is deprecated. Use fields instead.
2017/11/09 11:25:***.735333 prospector.go:124: INFO Starting prospector of type: log; id: 13016399965924021494
2017/11/09 11:25:***.735360 crawler.go:58: INFO Loading and starting Prospectors completed. Enabled prospectors: 1
2017/11/09 11:25:40.726541 metrics.go:39: INFO Non-zero metrics in the last 30s: registrar.writes=1
2017/11/09 11:26:***.726500 metrics.go:34: INFO No non-zero metrics in the last 30s

Can somebody help me in debugging this.

exekias · November 9, 2017, 1:34pm

You need to mount /var/lib/docker/containers/ into filebeat container. Try adding this flag to your docker run command:

-v /var/lib/docker/containers/:/var/lib/docker/containers/

Vivek_Samaga · November 13, 2017, 10:10am

Yes i tried
docker run -v /var/lib/docker/containers/:/var/lib/docker/containers/ (Filebeat_ImageID)

Still no change am not able to consume the logs.

exekias · November 13, 2017, 10:22am

It may be a permissions issue, you may need to update permissions or run filebeat as root:

docker run -u root -v /var/lib/docker/containers/:/var/lib/docker/containers/ {image} filebeat -e -v --strict.perms=false

Vivek_Samaga · November 13, 2017, 10:56am

Thanks

system · December 11, 2017, 10:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.