I'm hoping to get logs from my k8 pods (which are writing to stdout/stderr) via filebeat. At this point all I'm seeing is what's being written to /var/log/messages on the k8 host.
I've started the daemonset sample from https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html (with a change to write to logstash and not elasticsearch). I added these lines in hopes of getting some annotations:
```yaml
templates:
  - config:
      - type: docker
        containers.ids:
          - "${data.kubernetes.container.id}"
```
I have a test container that writes a simple datetime string every second.
In any event, I'm missing some steps here or not understanding what's supposed to be happening.
- Does this system require that filebeat is running on the k8 host?
- Should I be seeing annotations? Is the above sufficient to add them?