I'm trying to run Packetbeat on a docker container and ship the metrics to ES. Since I have multiple docker containers running on the same host, all these logs are carrying the same shipper name (hostname). As a workaround, while generating the docker container we are giving the hostname for the docker container.
Also, we would like to have the metrics shipped to different indexes based on the microservices running on the container. Is there a way we can pass the environment variables to the packetbeat.yml file?
Also, can you suggest some best practices/effective ways for running Packetbeat on docker?
Are these packetbeat instances all running from the same config file? I think giving different host names is a good idea; in case you have different configurations, you can also set it in the configuration file.
There is currently no way to pass environment variables to the config file. Are these dynamic values that change over time, or do they only have to be set on startup? One idea here (which is not possible yet) is to store the config in elasticsearch and every client can fetch it from there. The challenge here is that the beat must know which config to fetch.
There are no best practices yet for running packetbeat on docker, but it is really good to hear about your experiences so we can start to create these kinds of best practices.