How to create container name specific indexes

Affan_Mir · July 19, 2023, 10:42am

I've deployed filebeat as a daemonset now for every container I need to access to their respective container names and read them from logstash so I can have indexes like 'container-name-YYYY-MM-DD' in my Elasticsearch.

These are my config files for both filebeat and logstash

filebeat.inputs:
- type: container
  stream: stdout
  paths:
    - /var/log/containers/*.log
  processors:
    - add_docker_metadata: ~
  #- add_kubernetes_metadata:
  #    host: ${NODE_NAME}
  #    matchers:
  #    - logs_path:
  #        logs_

output {
  elasticsearch {
  
    index => "%{[docker][container][name]}-%{+YYYY.MM.dd}"}}

system · August 16, 2023, 10:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Creating an index for each Docker container log using Filebeats Beats filebeat	5	2310	February 1, 2019
Creating simple pipeline to parse the docker logs Beats filebeat	8	1957	July 6, 2018
High level concepts of elastic stack in containerized environment Beats docker , filebeat	3	324	April 28, 2021
Parsing docker container logs Logstash	1	755	April 6, 2018
Docker.container.name is always empty Beats docker , filebeat	5	2022	April 24, 2019

How to create container name specific indexes

Related topics