Hello,
I have installed ELK in 3 different containers. All are working fine. Pulled docker image and Installed Filebeat in docker container with below command:
docker run -d
--name=filebeat
--user=root
--volume="/opt/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro"
--volume="/var/lib/docker/containers:/var/lib/docker/containers:ro"
--volume="/var/run/docker.sock:/var/run/docker.sock:ro"
docker.elastic.co/beats/filebeat:7.7.1 filebeat -e -strict.perms=false
-E output.elasticsearch.hosts=["myhost:9200"]
My filebeat.docker.yml content as below:
filebeat.inputs:
- type: log
enabled: true
close_inactive: 1m
close_removed: true
clean_inactive: 5h
clean_removed: true
ignore_older: 4h
paths:- "/opt/test/*.json"
json.keys_under_root: true
json.add_error_key: true
fields:
index: hc-work
hc_type: work
- "/opt/test/*.json"
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
filebeat.autodiscover:
providers:
- type: docker
hints.enabled: true
processors:
- add_docker_metadata: ~
output.elasticsearch:
hosts: '{ELASTICSEARCH_HOSTS:myhost:9200}'
username: '{ELASTICSEARCH_USERNAME:elasticsearch}'
password: '${ELASTICSEARCH_PASSWORD:password}'
Now not sure where to check the Filebeat output? Not able to send logs from input path. Kindly let me know is it correct way to do and what am i missing?
Thanks