I'm trying to spin up log collection on Linux Fedora 42 in docker compose (via podman).
Podman doesn't write logs to files, so I chose journalctl:
```yaml
filebeat.inputs:
  - type: journald
    id: "podman-logs"
    # explicitly tell Filebeat where your journals live:
    paths:
      - /var/log/journal/
logging.level: debug
output.console:
  pretty: true
```
`docker compose run --rm filebeat01 sh -c "journalctl -D /var/log/journal"` indeed starts outputting the long journal, and it seems /var/log/journal is mounted alright in the container, but Filebeat still gives me errors like:
```
Journalctl wrote to stderr: Failed to open files: Is a directory\n
cannot read from journalctl stderr: read |0: file already closed
reader error: 'no more data to read, journalctl exited unexpectedly, exit code: 1', restarting...
```
What exactly does the paths argument expect?