We are currently using Filebeat with autodiscover to send logs from Docker containers of different flavours (Apache HTTP, MySQL, etc).
We are now trying to migrate over to Elastic Agent with Fleet managed agents, but I cannot find any documentation or examples of how to configure the agents with an equivalent setup to what we have with Filebeat and autodiscover.
How can I setup a Fleet Agent Policy that will process the docker log json files for different autodiscovered Docker container apps (eg. Apache HTTP, MySQL, Spring Boot App)?
Example filebeat autodiscover setup:
filebeat.autodiscover:
# List of enabled autodiscover providers
providers:
- type: docker
templates:
- condition:
equals.docker.container.labels.com.docker.compose.service: apache
config:
- module: apache
access:
input:
type: container
stream: stdout
paths:
- "/var/lib/docker/containers/${data.docker.container.id}/*-json.log"
error:
input:
type: container
stream: stderr
paths:
- "/var/lib/docker/containers/${data.docker.container.id}/*-json.log"
- condition:
equals.docker.container.labels.com.docker.compose.service: webapp
config:
- type: container
paths:
- "/var/lib/docker/containers/${data.docker.container.id}/*-json.log"
multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Caused by:'
multiline.negate: false
multiline.match: after
- condition:
equals.docker.container.labels.com.docker.compose.service: mysql
config:
- module: mysql
error:
input:
type: container
paths:
- "/var/lib/docker/containers/${data.docker.container.id}/*-json.log"
slowlog:
enabled: false
