Hi, I am having a problem on configuring filebeat.
I am running filebeat, logstash, Elasticsearch, and kibana on Docker. I want to retrieve logs of all existing containers, except from filebeat, logstash, Elasticsearch, and kibana.
I have tried so many attempts, reading other forums, stackoverflows, and the docs, but no matter what, the filebeat always retrieving kibana's logs.
I am using filebeat, logstash, Elasticsearch, and kibana version 7.16.2.
Here is my final filebeat config:
filebeat.inputs:
- type: docker
containers:
path: "/usr/share/dockerlogs/data"
stream: "stdout"
ids:
- "*"
cri.parse_flags: true
combine_partial: true
filebeat.autodiscover:
providers:
- type: docker
hints.enabled: true
hints.default_config:
type: container
paths:
- /var/log/containers/*-${data.container.id}.log
templates:
- config:
- type: docker
processors:
- drop_event:
when:
or:
- contains:
docker.container.name: "kibana"
- contains:
docker.container.name: "logstash"
- contains:
docker.container.name: "elasticsearch"
- contains:
docker.container.name: "filebeat"
processors:
- add_docker_metadata:
host: "unix:///var/run/docker.sock"
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
#----------------------------- Logstash output --------------------------------
output.logstash:
hosts: ["logstash:5044"]
# Write Filebeat own logs only to file to avoid catching them with itself in docker log files
logging.level: error
logging.to_files: false
logging.to_syslog: false
loggins.metrice.enabled: false
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644
ssl.verification_mode: none
Any help will be highly appreciated! Thanks in advance.