Hi when configuring Filbeat, it seems the default prefered method in the docs is to use /var/log/containers
But if I understand correctly, it's better to setup the /var/log/pods folder. Since Kubernetes rotates it's logs since 1.21.x and also /var/logs/containers has symlink to the files, which is also not great?
I think you are correct and we should update documentation. We do provide this note - /var/log/containers/\*.log is normally a symlink to /var/log/pods/*/*.log , so above paths can be edited accordingly
More detail on symlinks and rotating logs here: Log input | Filebeat Reference [8.15] | Elastic
So what's the correction, what should I configure for the input?
Also the helm chart defaults to /var/logs/container...
Is it just switching the path to the /var/log/pods/*/*.log or what ever the case? I tried and it didn't work. Or we have to switch the type from container to something else as well?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.