Hello
I'm running the ELK stack with all components at version 7.0.1 in an Ubuntu 18.04 environment.
I want to process logs from an nginx docker container that is setup to send access logs to stdout and error logs to stderr. I'm running filebeat on the Ubuntu host(its not dockerized).
My configuration is successfully sending messages from other docker images to elasticsearch but nothing from the nginx docker gets there.
No error messages are issued by filebeat on startup.
Here's my filebeat.yml:
filebeat.autodiscover:
providers:
- type: docker
templates:
- condition:
contains:
docker.container.image: my.company.repo/nginx-master
config:
- module: nginx
access:
enabled: true
containers:
stream: "stdout"
error:
enabled: true
containers:
stream: "stderr"
- type: docker
templates:
- condition:
contains:
docker.container.image: my.company.repo/angular:{{ angular_version_tag }}
config:
- type: docker
containers.ids:
- "${data.docker.container.id}"
fields:
container_name: angular
env: "{{ environment }}"
setup.kibana:
host: "{{ elk_host }}:{{ kibana_port }}"
output.elasticsearch:
hosts: "{{ elk_host }}:{{ elastic_search_port }}"
Thanks
Tom