Hi @Badger, Thanks for the hint and recommendations. I was able to get the namespace(s) as index name(s).
In case someone is looking for config
Here's how the fields looks like when queried from kibana.
{
"_index": "test-1",
"_type": "doc",
"_id": "upAUFGkB4pTTTbuh8MFh",
"_version": 1,
"_score": 0,
"_source": {
"host": {
"name": "filebeat-kztmv"
},
"source": "/var/lib/docker/containers/41ce86fd65c4de705ef65331f79cc946033140a2379ead7ab3443e587f73bb7a/41ce86fd65c4de705ef65331f79cc946033140a2379ead7ab3443e587f73bb7a-json.log",
"message": "Running from: /usr/share/jenkins/ref/warfile/jenkins.war",
"prospector": {
"type": "docker"
},
"input": {
"type": "docker"
},
"offset": 0,
"@version": "1",
"kubernetes": {
"pod": {
"uid": "71f01698-3672-11e9-8bb8-246e96538240",
"name": "test-1-5f87d986d9-jpt9s"
},
"labels": {
"app": "test-1",
"pod-template-hash": "1943854285"
},
"namespace": "test-1",
"replicaset": {
"name": "test-1-5f87d986d9"
},
"container": {
"name": "test-1"
},
"node": {
"name": "nodename"
}
},
"tags": [
"beats_input_codec_plain_applied"
],
"beat": {
"name": "filebeat-kztmv",
"hostname": "filebeat-kztmv",
"version": "6.6.1"
},
"log": {
"file": {
"path": "/var/lib/docker/containers/41ce86fd65c4de705ef65331f79cc946033140a2379ead7ab3443e587f73bb7a/41ce86fd65c4de705ef65331f79cc946033140a2379ead7ab3443e587f73bb7a-json.log"
}
},
"stream": "stdout",
"@timestamp": "2019-02-22T07:21:48.929Z",
"docker": {
"container": {
"name": "k8s_test-1_test-1-5f87d986d9-jpt9s_test-1_71f01698-3672-11e9-8bb8-246e96538240_0",
"labels": {
"annotation": {
"io": {
"kubernetes": {
"pod": {
"terminationGracePeriod": "10"
},
"container": {
"hash": "eb4c7704",
"restartCount": "0",
"ports": "[{\"containerPort\":8080,\"protocol\":\"TCP\"},{\"containerPort\":50000,\"protocol\":\"TCP\"}]",
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File"
}
}
}
},
"io": {
"kubernetes": {
"container": {
"name": "test-1",
"logpath": "/var/log/pods/71f01698-3672-11e9-8bb8-246e96538240/test-1/0.log"
},
"pod": {
"name": "test-1-5f87d986d9-jpt9s",
"uid": "71f01698-3672-11e9-8bb8-246e96538240",
"namespace": "test-1"
},
"sandbox": {
"id": "eb6c9dcee2c4274e6360009c338b021e8198b45481c86c1c3b1bd5647b35a936"
},
"docker": {
"type": "container"
}
}
}
},
"id": "41ce86fd65c4de705ef65331f79cc946033140a2379ead7ab3443e587f73bb7a",
"image": "private_registrybasemaster@sha256:ee6be361d63ea3a68372662a4f3743a73aabd69593fd73b79eebc12217e3225f"
}
}
},
"fields": {
"@timestamp": [
"2019-02-22T07:21:48.929Z"
]
}
}
logstash.conf for logstash pipeline was modified to this
## Add your filters / logstash plugins configuration here
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "elasticsearch:9200"
manage_template => false
index => "%{[kubernetes][namespace]}"
document_type => "%{[@metadata][type]}"
}
}