Hello,
We are in the process of migrating from Openshift 3.11 to Openshift 4.5. We managed to get the Filebeat daemonset working to ship pod logs, but we also need to index the journalctl logs from the coreos hosts. What is currently the recommended way to do this?
Should we use Journalbeat? As a daemonset? I read something about a journald module for Filebeat, but this module hasn't been released apparently.
Please suggest how we can index journald logs from the coreos hosts.
Thanks.
Willem
Anyone?
For the time being, we recommend you use Journalbeat. However, keep in mind that journald input in Filebeat is implemented and backported to 7.x: https://github.com/elastic/beats/tree/7.x/filebeat/input/journald Unfortunately, it is not yet ready for release, but we would like to get it out as soon as possible.
Thanks for your answer @kvch
Looking forward to that. Is there a GitHub issue for this?
Can we install Journalbeat as a daemonset? Because there is no way to install packages on our coreos hosts. I cannot find any documentation about how to do this in https://www.elastic.co/guide/en/beats/journalbeat/master/running-with-systemd.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.