Filebeat Docker input: exclude container by name

Hi, I am having a problem on configuring filebeat.
I am running filebeat, logstash, Elasticsearch, and kibana on Docker. I want to retrieve logs of all existing containers, except from filebeat, logstash, Elasticsearch, and kibana.

I have tried so many attempts, reading other forums, stackoverflows, and the docs, but no matter what, the filebeat always retrieving kibana's logs.

I am using filebeat, logstash, Elasticsearch, and kibana version 7.16.2.

Here is my final filebeat config:

filebeat.inputs:
  - type: docker
    containers:
      path: "/usr/share/dockerlogs/data"
      stream: "stdout"
      ids:
        - "*"
      cri.parse_flags: true
      combine_partial: true

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
      hints.default_config:
        type: container
        paths:
          - /var/log/containers/*-${data.container.id}.log
      templates:
        - config:
            - type: docker
              processors:
                - drop_event:
                    when:
                      or: 
                        - contains:
                            docker.container.name: "kibana"
                        - contains:
                            docker.container.name: "logstash"
                        - contains:
                            docker.container.name: "elasticsearch"
                        - contains:
                            docker.container.name: "filebeat"

processors:
  - add_docker_metadata:
      host: "unix:///var/run/docker.sock"

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

#----------------------------- Logstash output --------------------------------
output.logstash:
  hosts: ["logstash:5044"]

# Write Filebeat own logs only to file to avoid catching them with itself in docker log files
logging.level: error
logging.to_files: false
logging.to_syslog: false
loggins.metrice.enabled: false
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644
ssl.verification_mode: none

Any help will be highly appreciated! Thanks in advance.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.