We are using filebeat configuration as in https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-docker.html . We are able to successfully push the logs from kubernetes to Elasticsearch for containers.ids: '*' , but we have a need for specifying a different logic (multiline configuration) for different k8s namespace. We cannot use container ids for a k8s namespace since they keep on changing . Is there a way to specify a k8s namespace in the filebeat configuration.
Hi @anuranjit and welcome 
Filebeat supports hints-based autodiscovery. Translated to the kubernetes world that means that you can add configuration to filebeat from annotations, this way you can for example add an specific multiline configuration to an specific pod or container using annotations. You can read more about this, including an example with multiline, in this blogpost.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.