I am using a slightly modified version of the manifest file at the official Filebeat and Kubernetes page. It is working fine with multiple filestream inputs.
Now I am trying to add a filestream input to collect Tomcat access logs. I can see them when I run this command on the shell:
kubectl exec ams-cache-manager-dev1-646fff567f-xb4x6 -n ams-dev1 -- ls opt/amsdev/logs/ams-cache-manager-logs
However I don't see them being collected along with the other logs when I look in Kibana Discover. This is the config for that input.
- type: filestream
id: ams-cache-manager-tomcat-container-logs
paths:
- /opt/amsdev/logs/ams-cache-manager-logs/*.log
fields_under_root: true
fields:
data_stream.type: logs
data_stream.dataset: ams
data_stream.namespace: cache-manager-tomcat
parsers:
- container: ~
prospector:
scanner:
fingerprint.enabled: true
symlinks: true
file_identity.fingerprint: ~
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
namespace: ams-dev1
matchers:
- logs_path:
logs_path: "/var/log/containers/"
Filebeat was collecting logs for this input earlier under this config but tomcat logs were also not included
- type: filestream
id: ams-cache-manager-tomcat-container-logs
paths:
- /var/log/containers/*.log
fields_under_root: true
fields:
data_stream.type: logs
data_stream.dataset: ams
data_stream.namespace: cache-manager-tomcat
parsers:
- container: ~
prospector:
scanner:
fingerprint.enabled: true
symlinks: true
file_identity.fingerprint: ~
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
namespace: ams-dev1
matchers:
- logs_path:
logs_path: "/var/log/containers/"
What is the correct config so that Filebeat will collect the Tomcat logs listed under opt/amsdev/logs/ams-cache-manager-log
as found by kubectl exec
?