[Filebeat] Windows: add_docker_metadata cannot extract Container ID



I'm trying to get FIlebeat to send Docker metadata with logs. Filebeat starts up fine and sends logs correctly, only without Docker metadata.

My filebeat.yml looks like this:

    - type: log

      enabled: true
        - C:\programdata\docker\containers\*\*.log
      - add_docker_metadata:
          host: "npipe:////./pipe/docker_engine"

Using the debug option, I can see the following two relevant logs:

|2018-10-24T15:55:26.346+0200|DEBUG|[processors]|processors/processor.go:66|Processors: add_docker_metadata=[match_fields=[] match_pids=[process.pid, process.ppid]]|
|2018-10-24T15:55:26.409+0200|DEBUG|[add_docker_metadata]|add_docker_metadata/add_docker_metadata.go:128|Error while extracting container ID from source path: index is out of range for field 'source'|

For some reason the "match_fields" field is empty. On Linux "system.process.cgroup.id" I believe gets inserted here. However, I've been unable to find an equivalent for Windows. Is there any way to get this working on Windows?

Docker info:

Containers: 6
 Running: 6
 Paused: 0
 Stopped: 0
Images: 101
Server Version: 18.03.1-ee-2
Storage Driver: windowsfilter
Logging Driver: json-file
 Volume: local
 Network: ics l2bridge l2tunnel nat null overlay transparent
 Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
Operating System: Windows Server 2019 Datacenter Evaluation Version 1809 (OS Build 17763.1)
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 3.999GiB
Name: dockerserver
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Username: ''
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
Live Restore Enabled: false

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.