Hi!
I found this page about envoy module but there isn't instructions to configure on Kubernetes installation.
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-envoyproxy.html
My filebeat version is 7.0.0
Should be like that?
- module: envoyproxy
But I'm using autodiscovery way, I don't know if I can use too
filebeat.config:
This is my configuration.
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: logging
labels:
k8s-app: filebeat
data:
filebeat.yml: |-
filebeat.autodiscover:
providers:
- type: kubernetes
node: ${NODE_NAME}
hints.enabled: true
hints.default_config:
type: container
paths:
- /var/log/containers/*${data.kubernetes.container.id}.log
multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Caused by:'
multiline.negate: false
multiline.match: after
processors:
- add_cloud_metadata:
- add_host_metadata:
- decode_json_fields:
fields: ["message"]
target: "custom"
overwrite_keys: true
- add_fields:
target: ''
fields:
gkeclustername: xxx-core-stage
cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}
setup.ilm.rollover_alias: "${INDEX_NAME_CLUSTER}"
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
How should I add that module to my configuration?
By the other hand, this are in the right place? do you see it well?
type: container
paths:
- /var/log/containers/*${data.kubernetes.container.id}.log
multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Caused by:'
multiline.negate: false
multiline.match: after
Thank you very much