Filebeat logging data from disabled modules

I am running filebeat as a DaemonSet on my Kubernetes cluster. The following is my configuration file:

filebeat.modules:
filebeat.inputs:
- type: container
  paths:
    - /var/log/containers/*.log
  processors:
    - add_kubernetes_metadata:
        in_cluster: true
        host: ${NODE_NAME}
        matchers:
        - logs_path:
            logs_path: "/var/log/containers/"
processors:
  - decode_json_fields:
        fields: ["message"]
        process_array: false
        max_depth: 1
        target: "json-message"
        overwrite_keys: false
  - add_cloud_metadata:

output.elasticsearch:
  hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
  username: ${ELASTICSEARCH_USERNAME}
  password: ${ELASTICSEARCH_PASSWORD}
setup.ilm.enabled: true
setup.ilm.rollover_alias: "filebeat"
setup.ilm.pattern: "{now/d}-000001"
setup.ilm.overwrite: true

Despite the fact that I have no modules specified, I'm somehow seeing every module's output enabled when I look at the filebeat elasticsearch index in kibana. Like I see fields for apache and cisco modules which I do not care about. Any idea why this would happen?

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.