I have a custom image of filebeat, and I am trying to forward all docker container logs to logstash and later on to see them on Kibana (through Elasticsearch). I can't see what am I doing wrong, as I cant see any logs on Kibana.
I have these configurations:
Filebeat Dockerfile:
FROM docker.elastic.co/beats/filebeat:6.2.4
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
USER root
RUN chown filebeat /usr/share/filebeat/filebeat.yml
USER filebeat
filebeat.yml:
filebeat.prospectors:
- type: log
enabled: true
paths:
- /var/lib/docker/containers//.log
document_type: docker
json.message_key: log
output.logstash:
hosts: ["logstash:5044"]
logstash.conf:
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
}
And filebeat logs (I'm getting this most of the time ):
{"log":"2018-06-04T12:24:36.397Z\u0009INFO\u0009[monitoring]\u0009log/log.go:124\u0009Non-zero metrics in the last 30s\u0009{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":110,"time":110},"total":{"ticks":250,"time":258,"value":250},"user":{"ticks":140,"time":148}},"info":{"ephemeral_id":"adbf12dd-cc46-43a2-8e43-edd8e17ac1aa","uptime":{"ms":750020}},"memstats":{"gc_next":4194304,"memory_alloc":1717080,"memory_total":7613320,"rss":-966656}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.72,"15":0.94,"5":0.8,"norm":{"1":0.18,"15":0.235,"5":0.2}}}}}}\n","stream":"stderr","time":"2018-06-04T12:24:36.397835494Z"}
{"log":"2018-06-04T12:25:06.400Z\u0009INFO\u0009[monitoring]\u0009log/log.go:124\u0009Non-zero metrics in the last 30s\u0009{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":110,"time":113},"total":{"ticks":260,"time":266,"value":260},"user":{"ticks":150,"time":153}},"info":{"ephemeral_id":"adbf12dd-cc46-43a2-8e43-edd8e17ac1aa","uptime":{"ms":780020}},"memstats":{"gc_next":4194304,"memory_alloc":1909160,"memory_total":7805400}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":1.94,"15":1.04,"5":1.09,"norm":{"1":0.485,"15":0.26,"5":0.2725}}}}}}\n","stream":"stderr","time":"2018-06-04T12:25:06.401824994Z"}
{"log":"2018-06-04T12:25:36.399Z\u0009INFO\u0009[monitoring]\u0009log/log.go:124\u0009Non-zero metrics in the last 30s\u0009{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":110,"time":113},"total":{"ticks":270,"time":275,"value":270},"user":{"ticks":160,"time":162}},"info":{"ephemeral_id":"adbf12dd-cc46-43a2-8e43-edd8e17ac1aa","uptime":{"ms":810022}},"memstats":{"gc_next":4194304,"memory_alloc":1400072,"memory_total":8093248}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":1.94,"15":1.07,"5":1.19,"norm":{"1":0.485,"15":0.2675,"5":0.2975}}}}}}\n","stream":"stderr","time":"2018-06-04T12:25:36.40051431Z"}