Hi @shivendra95,
Yes, you can mount the volume into Filebeat's pod and read the logs directly from there. On a quick glance over your manifest, it seems you've done it already:
- name: filebeat
volumeMounts:
- name: varlogcontainers
mountPath: /var/log/containers
- name: varlogpods
mountPath: /var/log/pods
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
volumes:
- name: varlogcontainers
hostPath:
path: /var/log/containers
- name: varlogpods
hostPath:
path: /var/log/pods
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
Are those the volumes holding the logs you want?
The configuration for a Filebeat running on Kubernetes is essentially no different from a Filebeat running directly on a Linux box: Filebeat will read log files from a directory, the only difference there is that when Filebeat is on a container (like on Kubernetes), you need to mount the logs from the host into the container.
In your case, it seems, you just need to be mode specific on which files you want to read, because the configuration you posted is reading all files on:
- /var/log/containers/*.log
Take a look at the documentation of the container input (Container input | Filebeat Reference [8.2] | Elastic) for a more detailed overview of the possible options.