Filebeat Nginx Module with Dockerized Nginx

tpurcell · May 3, 2019, 9:20pm

Hello

I'm running the ELK stack with all components at version 7.0.1 in an Ubuntu 18.04 environment.

I want to process logs from an nginx docker container that is setup to send access logs to stdout and error logs to stderr. I'm running filebeat on the Ubuntu host(its not dockerized).

My configuration is successfully sending messages from other docker images to elasticsearch but nothing from the nginx docker gets there.

No error messages are issued by filebeat on startup.

Here's my filebeat.yml:

filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            contains:
              docker.container.image: my.company.repo/nginx-master
          config:
            - module: nginx
              access:
                enabled: true
                containers:
                    stream: "stdout"
              error:
                enabled: true
                containers:
                    stream: "stderr"
    - type: docker
      templates:
        - condition:
            contains:
              docker.container.image: my.company.repo/angular:{{ angular_version_tag }}
          config:
            - type: docker
              containers.ids:
                - "${data.docker.container.id}"
              fields:
                container_name: angular
                env: "{{ environment }}"
                
setup.kibana:
  host: "{{ elk_host }}:{{ kibana_port }}"

output.elasticsearch:
  hosts: "{{ elk_host }}:{{ elastic_search_port }}"

Thanks
Tom

tpurcell · May 6, 2019, 1:39pm

Found my problem. I was missing type and container.ids on the config. Newbie mistake. Heres what worked:

filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            contains:
              docker.container.image: chariot-colonial-docker.jfrog.io/colonial/ngb/nginx-master
          config:
            - type: docker
              containers.ids:
                - "${data.docker.container.id}"
            - module: nginx
              access:
                enabled: true
                containers:
                    stream: "stdout"
              error:
                enabled: true
                containers:
                    stream: "stderr"

system · June 3, 2019, 1:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nginx Module Dashboards "No data to display" Beats filebeat	5	1284	June 14, 2019
Collecting logfiles of Docker containers with filebeat running as Docker container Beats filebeat	6	20863	April 18, 2017
Discovery problem Beats filebeat	4	979	May 19, 2019
Kubernetes With Filebeat parsing nginx container Beats filebeat	1	544	December 3, 2019
Unable to configure filebeat to send to logstash or elasticsearch Beats docker , filebeat	1	292	October 8, 2020

Filebeat Nginx Module with Dockerized Nginx

Related topics