Hi,
I'm trying to get FIlebeat to send Docker metadata with logs. Filebeat starts up fine and sends logs correctly, only without Docker metadata.
My filebeat.yml looks like this:
filebeat.inputs:
- type: log
enabled: true
paths:
- C:\programdata\docker\containers\*\*.log
processors:
- add_docker_metadata:
host: "npipe:////./pipe/docker_engine"
Using the debug option, I can see the following two relevant logs:
|2018-10-24T15:55:26.346+0200|DEBUG|[processors]|processors/processor.go:66|Processors: add_docker_metadata=[match_fields=[] match_pids=[process.pid, process.ppid]]|
|2018-10-24T15:55:26.409+0200|DEBUG|[add_docker_metadata]|add_docker_metadata/add_docker_metadata.go:128|Error while extracting container ID from source path: index is out of range for field 'source'|
For some reason the "match_fields" field is empty. On Linux "system.process.cgroup.id" I believe gets inserted here. However, I've been unable to find an equivalent for Windows. Is there any way to get this working on Windows?
Docker info:
Containers: 6
Running: 6
Paused: 0
Stopped: 0
Images: 101
Server Version: 18.03.1-ee-2
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: ics l2bridge l2tunnel nat null overlay transparent
Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
Operating System: Windows Server 2019 Datacenter Evaluation Version 1809 (OS Build 17763.1)
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 3.999GiB
Name: dockerserver
ID: JXPY:6TPP:5NCA:IGBU:4T5S:EKPN:XT5S:KIL5:PW7N:Z24Q:EFAK:CZRE
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Username: ''
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false