Hi, when configuring Filebeat, it seems the default preferred method in the docs is to use /var/log/containers
But if I understand correctly, it's better to set up the /var/log/pods folder. Since Kubernetes rotates its logs since 1.21.x and also /var/logs/containers has symlinks to the files, which is also not great?
I think you are correct and we should update documentation. We do provide this note - /var/log/containers/*.log is normally a symlink to /var/log/pods/*/*.log, so above paths can be edited accordingly
More detail on symlinks and rotating logs here: Log input | Filebeat Reference [8.15] | Elastic
So what's the correction, what should I configure for the input?
Also the helm chart defaults to /var/logs/container...
Is it just switching the path to the /var/log/pods/*/*.log or whatever the case? I tried and it didn't work. Or do we have to switch the type from container to something else as well?
Drive by comment? hehe
See my questions above. Do we want to open an issue to improve the docs? Anything else?