We setted the pipeline for filebeat to get the logs from ingress-nginx inside kubernetes.
In output it appears with event.dataset: "nginx.ingress_controller"
, but it don't parse properlly.
We can't see any dashboard, and the fields nginx.ingress_controller.*
doesn't appear in output.
Only appears the message
field in raw format.
I can't understand why it doesn't work's properly, can you help me with this?
Thank's for your time
Filebeat Version: 7.10.0
Ingress Nginx Version: 2.13.0
nginx-ingress-controller Version: v0.35.0
Kubernetes Version: v1.16.9
Here is my config:
filebeat.autodiscover:
providers:
- type: kubernetes
host: ${NODE_NAME}
hints.enabled: true
hints.default_config:
type: container
paths:
- /var/log/containers/*${data.kubernetes.container.id}.log
templates:
- condition:
and:
- equals:
kubernetes.namespace: "ingress-nginx"
- equals:
kubernetes.container.name: "controller"
config:
- module: nginx
ingress_controller:
enabled: true
input:
type: container
paths:
- /var/log/containers/*${data.kubernetes.container.id}.log
Here is the json getted from beats after it's read from log
{
"@timestamp": "2020-11-15T05:06:27.057Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.10.0",
"pipeline": "filebeat-7.10.0-nginx-ingress_controller-pipeline"
},
"message": "200.100.200.100 - - [15/Nov/2020:05:06:27 +0000] \"GET /rule HTTP/2.0\" 401 46 \"-\" \"curl/7.72.0\" 42 0.014 [name-container-80] [] 10.244.11.46:80 57 0.016 401 5fc020e09398691a5fbe0a8e7838ade0",
"input": {
"type": "container"
},
"fileset": {
"name": "ingress_controller"
},
"kubernetes": {
"namespace": "ingress-nginx",
"replicaset": {
"name": "ingress-nginx-controller-df5c8b795"
},
"labels": {
"app_kubernetes_io/name": "ingress-nginx",
"pod-template-hash": "df5c8b795",
"app_kubernetes_io/component": "controller",
"app_kubernetes_io/instance": "ingress-nginx"
},
"container": {
"name": "controller",
"image": "sha256:2807ba84fc0dab039be33de7e9fbe1d9457ef5a7f3616e4b2c084e42a9eca45b"
},
"node": {
"name": "aks-agentpool-30798937-22"
},
"pod": {
"name": "ingress-nginx-controller-df5c8b795-wtsrs",
"uid": "72b00bda-b934-4fe5-8313-a52b471d21d1"
}
},
"container": {
"id": "be83a8cfdd317bc586b31406ae2a399e9eaa5e1835b38be4006fac29d40b2ddb",
"image": {
"name": "sha256:2807ba84fc0dab039be33de7e9fbe1d9457ef5a7f3616e4b2c084e42a9eca45b"
},
"runtime": "docker"
},
"ecs": {
"version": "1.5.0"
},
"host": {
"hostname": "aks-agentpool-30798937-22",
"architecture": "x86_64",
"os": {
"family": "redhat",
"name": "CentOS Linux",
"kernel": "4.15.0-1096-azure",
"codename": "Core",
"platform": "centos",
"version": "7 (Core)"
},
"containerized": false,
"ip": [
"10.240.0.26",
"fe80::20d:3aff:fee4:e097",
"172.17.0.1",
"10.244.22.1",
"fe80::409c:1dff:fe0d:5651",
"fe80::3072:d5ff:feb4:b1f8",
"fe80::9c9e:95ff:fed4:ebd6",
"fe80::c076:27ff:fe1b:9f",
"fe80::e4f2:3ff:fe2f:29db",
"fe80::b03a:2cff:fe62:d699",
"fe80::c8e9:d0ff:fef2:a210",
"fe80::fc7b:42ff:fecb:d7cb",
"fe80::1489:64ff:fedb:9973",
"fe80::ec87:ccff:fe7a:cdca",
"fe80::4804:15ff:fe4a:80a2",
"fe80::f0c3:87ff:fe60:c8da",
"fe80::789e:40ff:fe93:3878",
"fe80::949a:71ff:fee4:467d",
"fe80::30a0:13ff:fe93:e9f6",
"fe80::340c:64ff:fefe:9a5",
"fe80::d004:2fff:fec9:cb83",
"fe80::6c29:b1ff:fe19:d1ef",
"fe80::94b0:a6ff:fec6:60bc",
"fe80::748c:96ff:fe57:9579"
],
"mac": [
"00:0d:3a:e4:e0:97",
"00:0d:3a:e4:e0:97",
"02:42:ba:e7:54:b6",
"42:9c:1d:0d:56:51",
"32:72:d5:b4:b1:f8",
"9e:9e:95:d4:eb:d6",
"c2:76:27:1b:00:9f",
"e6:f2:03:2f:29:db",
"b2:3a:2c:62:d6:99",
"ca:e9:d0:f2:a2:10",
"fe:7b:42:cb:d7:cb",
"16:89:64:db:99:73",
"ee:87:cc:7a:cd:ca",
"4a:04:15:4a:80:a2",
"f2:c3:87:60:c8:da",
"7a:9e:40:93:38:78",
"96:9a:71:e4:46:7d",
"32:a0:13:93:e9:f6",
"36:0c:64:fe:09:a5",
"d2:04:2f:c9:cb:83",
"6e:29:b1:19:d1:ef",
"96:b0:a6:c6:60:bc",
"76:8c:96:57:95:79"
],
"name": "aks-agentpool-30798937-22"
},
"log": {
"file": {
"path": "/var/log/containers/ingress-nginx-controller-df5c8b795-wtsrs_ingress-nginx_controller-be83a8cfdd317bc586b31406ae2a399e9eaa5e1835b38be4006fac29d40b2ddb.log"
},
"offset": 20472
},
"stream": "stdout",
"event": {
"module": "nginx",
"dataset": "nginx.ingress_controller",
"timezone": "+00:00"
},
"service": {
"type": "nginx"
},
"agent": {
"name": "aks-agentpool-30798937-22",
"type": "filebeat",
"version": "7.10.0",
"hostname": "aks-agentpool-30798937-22",
"ephemeral_id": "79626a52-50b4-414f-b3ed-8a617bd5e07c",
"id": "308d5291-2021-4a48-ae74-6da5dca91e37"
},
"cloud": {
"instance": {
"name": "aks-agentpool-30798937-22",
"id": "491c5509-1b46-4415-8953-8c0dcf89bece"
},
"machine": {
"type": "Standard_DS2_v2"
},
"provider": "azure",
"region": "eastus2",
"account": {}
}
}