Filebeat does not send container logs to elastic cloud

Sharadha_Krishna · September 29, 2021, 10:10am

Hi,

I have set up log collection from docker containers running on EC2 machines to elastic cloud using file beat. But I don't find the logs on kibana.

Note: I have setup my own indexes and ILM and templates. I also find the logs of filebeat don't specify any issue as such. Pasting the configuration of filebeat and the indexes related snippets.


filebeat.inputs:
#------------------------------ Container input --------------------------------
- type: container
  enabled: true

  # Paths for container logs that should be crawled and fetched.
  paths:
    -/var/lib/docker/containers/*/*.log

  # Configure stream to filter to a specific stream: stdout, stderr or all (default)
  stream: all


# ================================= Processors =================================

processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_host_metadata: ~
#
# =============================== Elastic Cloud ================================
cloud.id: "tazapay-dev:xxx"

cloud.auth: "elastic:xxx"

# ====================== Index Lifecycle Management (ILM) ======================

setup.ilm.enabled: false
setup.template.enabled: false
setup.template.name: "core-template"
setup.template.pattern: "core-*"

output.elasticsearch:
  indices:
    - index: "core"

TEMPLATE :

PUT _template/core-template
{
  "index_patterns": ["core-*"], 
  "settings": {
    "number_of_shards": 1,
    "index.lifecycle.name": "core", 
    "index.lifecycle.rollover_alias": "core" 
  }
}

INDEX :

PUT core-000001 
{
  "aliases": {
    "core":{
      "is_write_index": true
    }
  }
}

FILEBEAT LOGS:

pipeline/module.go:113 Beat name: ip-20-10-1-15
[monitoring] log/log.go:142 Starting metrics logging every 30s
instance/beat.go:473 filebeat start running.
memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
[registrar] registrar/registrar.go:109 States Loaded from registrar: 0
[crawler] beater/crawler.go:71 Loading Inputs: 1
[input] log/input.go:164 Configured paths: [/-/var/lib/docker/containers//.log] {"input_id": "08243e87-463a-4814-bed0-823e8438cfe6"}
[crawler] beater/crawler.go:141 Starting input (ID: 3876510880850742928)
[crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 1

system · October 27, 2021, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat fails to send docker container logs to Logstash Beats filebeat	4	3587	July 4, 2018
Unable to ship docker container logs using Filebeat Beats docker	2	534	November 23, 2021
Filebeat not pushing to elastic - docker compose Beats docker , filebeat	6	1412	November 26, 2019
New filebeat instance does not add docker metadata to logs in elastic Beats filebeat	6	841	January 7, 2021
Trouble with sending logs from filebeat to elasticsearch Beats beats-module , filebeat	8	740	December 20, 2021

Filebeat does not send container logs to elastic cloud

Related topics