Filebeat does not send container logs to elastic cloud

Sharadha_Krishna · September 29, 2021, 10:10am

Hi,

I have set up log collection from docker containers running on EC2 machines to elastic cloud using file beat. But I don't find the logs on kibana.

Note: I have setup my own indexes and ILM and templates. I also find the logs of filebeat don't specify any issue as such. Pasting the configuration of filebeat and the indexes related snippets.


filebeat.inputs:
#------------------------------ Container input --------------------------------
- type: container
  enabled: true

  # Paths for container logs that should be crawled and fetched.
  paths:
    -/var/lib/docker/containers/*/*.log

  # Configure stream to filter to a specific stream: stdout, stderr or all (default)
  stream: all


# ================================= Processors =================================

processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_host_metadata: ~
#
# =============================== Elastic Cloud ================================
cloud.id: "tazapay-dev:xxx"

cloud.auth: "elastic:xxx"

# ====================== Index Lifecycle Management (ILM) ======================

setup.ilm.enabled: false
setup.template.enabled: false
setup.template.name: "core-template"
setup.template.pattern: "core-*"

output.elasticsearch:
  indices:
    - index: "core"

TEMPLATE :

PUT _template/core-template
{
  "index_patterns": ["core-*"], 
  "settings": {
    "number_of_shards": 1,
    "index.lifecycle.name": "core", 
    "index.lifecycle.rollover_alias": "core" 
  }
}

INDEX :

PUT core-000001 
{
  "aliases": {
    "core":{
      "is_write_index": true
    }
  }
}

FILEBEAT LOGS:

pipeline/module.go:113 Beat name: ip-20-10-1-15
[monitoring] log/log.go:142 Starting metrics logging every 30s
instance/beat.go:473 filebeat start running.
memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
[registrar] registrar/registrar.go:109 States Loaded from registrar: 0
[crawler] beater/crawler.go:71 Loading Inputs: 1
[input] log/input.go:164 Configured paths: [/-/var/lib/docker/containers//.log] {"input_id": "08243e87-463a-4814-bed0-823e8438cfe6"}
[crawler] beater/crawler.go:141 Starting input (ID: 3876510880850742928)
[crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 1

system · October 27, 2021, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to ship docker container logs using Filebeat Beats docker	2	532	November 23, 2021
Trouble with sending logs from filebeat to elasticsearch Beats beats-module , filebeat	8	734	December 20, 2021
Filebeat is not sending logs to Elasticsearch Beats docker , filebeat	4	582	April 28, 2024
Filebeat Docker input: exclude container by name Beats docker , filebeat	1	1057	June 6, 2022
Filebeat docker container is not connecting to logstash docker container Beats filebeat	2	1685	September 12, 2019

Filebeat does not send container logs to elastic cloud

Related Topics