Multiple conditions with autodiscover & docker containers

steffens · October 24, 2018, 6:05pm

conditions syntax is more 'lisp-style', due to the YAML config file format.

E.g. your condition with 'and.not' must look like:

- condition.and:
  - contains: 
      docker.container.image: **SOMETHING**
  - not.contains:
      docker.container.image: **SOMETHING_ELSE**

The and operator gets a list of conditionals that must match. It's similar to "ALL".

P.S.: Thank you for taking the time and properly formatting your question on your first try

Topic		Replies	Views
Cannot get Autodiscover conditions to work Beats docker , filebeat	1	19	September 27, 2024
Filebeat autodiscover for docker does not work on /var/lib/docker/containers Beats filebeat	8	3121	January 15, 2019
How to use configure filebeat to filter docker containers using hints-based autodiscovery Beats docker , filebeat	3	1912	April 19, 2021
Can anyone guide me to correct autodiscover condition? Beats filebeat	9	1132	August 25, 2022
Filebeat Autodiscover template condition is not working Beats filebeat	1	683	December 1, 2021