Fleet and autodiscovery

Elastic Stack Beats
,
1

Hello All,

I have the following docker containers running with Docker Swarm:

  1. Elastic Agent
  2. Filebeat
  3. Traefik service
  4. Spring boot app

We are trying to obtain the spring boot app/traefik logs via Elastic Agent but it is not working , so we had to add a Filebeat Instance to enable the autodiscovery option.

Docker metrics are showing fine via Docker metrics integration, but logs are not coming via Fleet after adding the integrations to the agent so we are using Filebeat + autodiscover:

​filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true

Is there a way to get rid of the Filebeat instance and get this logs via Elastic Agent as well?

Thank you

2

My conclusion is right now this is not possible with Fleet Managed Agents, just standalone ones via dynamic inputs.

Found some issues about:

Would be great if someone from Elastic can validate this.

Gustavo

3

Hello @Gustavo_Llermaly,

Even though it isn't exactly supported, you can try adding a custom log input reading the container logs. You can set the path in the custom log integration page. You can also use the advanced field if you want to add more configuration that the UI does not allow.

You should end up with something similar to the snippet below in your policy

 - name: container-log
   type: logfile
   use_output: default
   data_stream:
     namespace: default
   streams:
     - data_stream:
         dataset: generic
       symlinks: true
       paths:
        - /var/lib/docker/containers/${docker.container.id}/${docker.container.id}-json.log
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.