Want to enable NGINX module in our filebeat to get the kubernetes nginx/ingress_controller logs

Elastic Stack Beats
, ,
1

we are using filebeat as our log shipper and running it as a docker image , we want to enable the NGINX module so that we can get the logs in proper format as currently we get the logs in the form as a bunch of lines, and we can only perform full text search, but we want to make ingress controller dashboard for which we need proper filters and for that we need to enable the Nginx module in our filebeat.

for ref filebeat :

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: logging
  labels:
    k8s-app: filebeat
spec:
  selector:
    matchLabels:
      k8s-app: filebeat
  updateStrategy:
    type: RollingUpdate
  template:
metadata:
          labels:
            k8s-app: filebeat
        spec:
          serviceAccountName: filebeat
          terminationGracePeriodSeconds: 30
          containers:
          - name: filebeat
            imagePullPolicy: IfNotPresent
            image: xxx repo
            args: [
              "-c", "/aaa/filebeat.yml",
              "-e",
            ]
            env:
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
1 Like
2

You can find instructions about running Filebeat on Kubernetes here: https://www.elastic.co/guide/en/beats/filebeat/master/running-on-kubernetes.html
Also, guides about enabling the NGINX module: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-nginx.html

Let me know if you have a specific question or something is missing from the docs.

3

Hey @kvch thanks for you promt reply, but with us problem is that we are running the filebeat ina docker and the path of the logs files as mentioned in your document is what we are looking for which we are not able to get the logs, our filebeat.yaml looks like

filebeat.yml: |-
name: ${NODENAME}
filebeat.inputs:
- type: docker
containers.ids:
- "*"
processors:
- add_kubernetes_metadata:
in_cluster: true
logging.to_files: false
setup.template.enabled: false
setup.ilm.enabled: false
#proxy_url: http://www-url:80
output.elasticsearch:
hosts: ${ES_URL}
username: ${ES_USER}
password: ${ES_PASSWORD}
index: ${INDEX_NAME}
bulk_max_size: 200

problem is in you solution

- module: nginx
  ingress_controller:
    enabled: true
    var.paths: ["what will be the path ? -----> /path/to/log/nginx/ingress.log"]

what will be the path here.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.