Here's the solution. Not in filebeat guide, nor kubernetes guide but in documentation of Elastic Observability.
Also if you want to use auto-discovery for k8s with elastic agent (from Fleet and Elastic Agent Guide):
If you are not confortable with yaml or auto-discovery, you can resolve the problem by this way :
- Go to your kubernetes integration into your agent policy.
- In "Collect Kubernetes container logs", click on "Advanced options"
- Declare in "Additionnal parses configuration" :
- ndjson:
overwrite_keys: true
add_error_key: true
expand_keys: true
- Declare in "Processors" :
- add_host_metadata: ~
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
I hope this will be useful to someone someday