Unable to send input log to Elastic search via filebeat docker installation

Hello,

I have installed ELK in 3 different containers. All are working fine. Pulled docker image and Installed Filebeat in docker container with below command:

docker run -d
--name=filebeat
--user=root
--volume="/opt/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro"
--volume="/var/lib/docker/containers:/var/lib/docker/containers:ro"
--volume="/var/run/docker.sock:/var/run/docker.sock:ro"
docker.elastic.co/beats/filebeat:7.7.1 filebeat -e -strict.perms=false
-E output.elasticsearch.hosts=["myhost:9200"]

My filebeat.docker.yml content as below:

filebeat.inputs:

  • type: log
    enabled: true
    close_inactive: 1m
    close_removed: true
    clean_inactive: 5h
    clean_removed: true
    ignore_older: 4h
    paths:
    • "/opt/test/*.json"
      json.keys_under_root: true
      json.add_error_key: true
      fields:
      index: hc-work
      hc_type: work

filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false

filebeat.autodiscover:
providers:
- type: docker
hints.enabled: true

processors:

  • add_docker_metadata: ~

output.elasticsearch:
hosts: '{ELASTICSEARCH_HOSTS:myhost:9200}' username: '{ELASTICSEARCH_USERNAME:elasticsearch}'
password: '${ELASTICSEARCH_PASSWORD:password}'

Now not sure where to check the Filebeat output? Not able to send logs from input path. Kindly let me know is it correct way to do and what am i missing?

Thanks

Could you please format you post using code tags?

Thanks, I got this fixed

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.