Hello!
I launched filebeat in container like advised in this link: www.elastic.co
But filebeat doesn't send my logs to remote host.
It seems the provided dockerfile is incorrect, entrypoint is absent. Is it?
I modified it a little bit:
FROM docker.elastic.co/beats/filebeat:7.6.0
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
USER root
RUN chown root:filebeat /usr/share/filebeat/filebeat.yml
RUN chmod go-w /usr/share/filebeat/filebeat.yml
USER filebeat
filebeat.yml:
###################### Filebeat Configuration #########################
#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
#==================== Elasticsearch template setting ==========================
setup.template.enabled: true
setup.template.name: "foo"
setup.template.pattern: "foo-*"
setup.template.overwrite: true
output.elasticsearch:
hosts: '${ES_HOSTS:?Elasticsearch ip is not defined.}'
index: "foo-%{[agent.version]}-%{+yyyy.MM.dd}"
username: "filebeat"
password: "filebeat"
Built the image, created sample logs and launched it:
docker run -e ES_HOSTS="*some_host:some_port*" -v "/var/logs/foo-service:/var/log" filebeat
But logs aren't processed, filebeat doesn't output anything.
What is wrong?
Perhaps Dockerfile is incorrect?
Also, I have the following configs in filebeat.yml: setup.template. It performs index creation based on template name, would the index be automatically created?