I'm using Filebeat in Kubernetes to ship the logs to Elasticsearch. I've noticed that the log messages are missing the orchestrator.cluster.name fields. None of the orchestrator fields are being set.
Orchestrator Fields | Elastic Common Schema (ECS) Reference [8.16] | Elastic
I am using the add_host_metadata and the add_kubernetes_metadata processors.
This is the information about the cluster.
$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://127.0.0.1:6443
  name: docker-desktop
contexts:
- context:
    cluster: docker-desktop
    user: docker-desktop
  name: docker-desktop
current-context: docker-desktop
kind: Config
preferences: {}
users:
- name: docker-desktop
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED
I cannot seem to understand where these fields are set from. I'm running ELK via the ECK operator version 8.16.0.