Filebeat does not send container logs to elastic cloud

Sharadha_Krishna · September 29, 2021, 10:10am

Hi,

I have set up log collection from docker containers running on EC2 machines to elastic cloud using file beat. But I don't find the logs on kibana.

Note: I have setup my own indexes and ILM and templates. I also find the logs of filebeat don't specify any issue as such. Pasting the configuration of filebeat and the indexes related snippets.


filebeat.inputs:
#------------------------------ Container input --------------------------------
- type: container
  enabled: true

  # Paths for container logs that should be crawled and fetched.
  paths:
    -/var/lib/docker/containers/*/*.log

  # Configure stream to filter to a specific stream: stdout, stderr or all (default)
  stream: all


# ================================= Processors =================================

processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_host_metadata: ~
#
# =============================== Elastic Cloud ================================
cloud.id: "tazapay-dev:xxx"

cloud.auth: "elastic:xxx"

# ====================== Index Lifecycle Management (ILM) ======================

setup.ilm.enabled: false
setup.template.enabled: false
setup.template.name: "core-template"
setup.template.pattern: "core-*"

output.elasticsearch:
  indices:
    - index: "core"

TEMPLATE :

PUT _template/core-template
{
  "index_patterns": ["core-*"], 
  "settings": {
    "number_of_shards": 1,
    "index.lifecycle.name": "core", 
    "index.lifecycle.rollover_alias": "core" 
  }
}

INDEX :

PUT core-000001 
{
  "aliases": {
    "core":{
      "is_write_index": true
    }
  }
}

FILEBEAT LOGS:

pipeline/module.go:113 Beat name: ip-20-10-1-15
[monitoring] log/log.go:142 Starting metrics logging every 30s
instance/beat.go:473 filebeat start running.
memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
[registrar] registrar/registrar.go:109 States Loaded from registrar: 0
[crawler] beater/crawler.go:71 Loading Inputs: 1
[input] log/input.go:164 Configured paths: [/-/var/lib/docker/containers//.log] {"input_id": "08243e87-463a-4814-bed0-823e8438cfe6"}
[crawler] beater/crawler.go:141 Starting input (ID: 3876510880850742928)
[crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 1

system · October 27, 2021, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to ship docker container logs using Filebeat Beats docker	2	556	November 23, 2021
Filebeat not writing docker containers logs into Elasticsearch Beats filebeat	8	2728	March 12, 2019
AWS Beanstalk and Elastic Cloud Filebeat Beats docker , filebeat	1	559	January 31, 2022
Docker container custom logs - how to process them into kibana Beats filebeat	8	1788	December 22, 2018
Filebeat not reading all docker container logs Beats filebeat	11	5376	February 5, 2019

Filebeat does not send container logs to elastic cloud

Related topics