Docker Compose:Filebeat 没有把 Docker 容器日志发送到 Elasticsearch


我的需求是配置 Filebeat,使其能够把日志发送到 Elasticsearch;Filebeat 的日志来源是 Docker 容器日志。

我使用 Docker 安装 Filebeat,下面是我用于配置的 Dockerfile、filebeat.yml 和 docker compose 文件。

DockerFile:

# Base image: the official Filebeat 7.2.1 image.
FROM docker.elastic.co/beats/filebeat:7.2.1
# Bake the custom Filebeat configuration into the image.
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
# NOTE(review): USER is never switched back after this line, so root stays the
# image's default user, for the RUN step below and for the running container
# unless it is overridden at run time.
USER root
# Create the directory meant as the mount point for the docker log files, then
# make the Filebeat tree root-owned and not writable by group/other.
# NOTE(review): the compose file shown with this Dockerfile does not mount
# anything at /usr/share/filebeat/dockerlogs.
RUN mkdir /usr/share/filebeat/dockerlogs \
 && chown -R root /usr/share/filebeat/ \
 && chmod -R go-w /usr/share/filebeat/
filebeat.yml

# filebeat.modules:
#   - module: system
#     syslog:
#       enabled: true
#     auth:
#       enabled: true
#   - module: auditd
#     log:
#       # Auditd does not appear to be supported on Alpine Linux:
#       # https://github.com/linuxkit/linuxkit/issues/52
#       enabled: false

# ============================= Filebeat inputs ================================
# Read the log files Docker keeps for each container.
# NOTE(review): `path` is resolved inside the Filebeat container, so the host
# log directory has to be mounted at exactly this location for any file to be
# found.
filebeat.inputs:
  - type: docker
    enabled: true
    containers:
      path: '/var/lib/docker/containers'
      # Accepted values: all, stdout, stderr.
      stream: all
      # '*' selects every container ID.
      ids:
        - '*'
    # exclude_lines: ["^\\s+[\\-`('.|_]"]  # drop asciiart lines
    # multiline.pattern: "^\t|^[[:space:]]+(at|...)|^Caused by:"
    # multiline.match: after

# ========================== Filebeat autodiscover =============================
# How to run the Apache2 Filebeat module on Docker:
# https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html
# filebeat.autodiscover:
#   providers:
#     - type: docker
#       # Hints reference (also contains instructions on multi-line logs):
#       # https://www.elastic.co/guide/en/beats/filebeat/current/configuration-autodiscover-hints.html
#       hints.enabled: true

# ================================ Processors ==================================
processors:
  # - add_cloud_metadata: null
  # Enrich each event with metadata about the container that produced it.
  # NOTE(review): presumably this relies on the Docker socket mounted into the
  # Filebeat container; confirm against the compose file.
  - add_docker_metadata: null
  - add_locale:
      format: offset
  - add_host_metadata:
      netinfo.enabled: true

# ========================== Elasticsearch output ==============================
# NOTE(review): events are shipped over plain HTTP and no credentials are
# configured here; confirm the cluster is reachable only on a trusted network,
# or move to HTTPS with authentication.
output.elasticsearch:
  hosts:
    - 'http://192.168.241.40:9200'
docker compose

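version: '2'
services:
  filebeat:
    hostname: filebeat
    # Image name; when you build the image yourself, substitute your own
    # Docker Hub account.
    image: filebeat/img-1

    volumes:
      # Persist Filebeat's tracking data across container restarts.
      - 'filebeat_data:/usr/share/filebeat/data:rw'
      # Docker log files, read-only. The container-side path must be the one
      # filebeat.yml reads (/var/lib/docker/containers); mounting the host
      # directory anywhere else leaves that path empty inside the container
      # and no log file is ever picked up.
      - '/var/lib/docker/containers:/var/lib/docker/containers:ro'
      # Docker socket, used to look up metadata about containers.
      # The :ro flag only protects the socket file itself; a process that can
      # open the socket can still call the Docker API, so treat this container
      # as having host-level privileges and restrict who can run code in it.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'

volumes:
  # Named volume that keeps Filebeat's data directory.
  filebeat_data: {}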
使用这份配置,我可以在我的机器上把 Filebeat 安装并运行起来,但当我在主机上运行服务时,Filebeat 无法采集这些服务生成的日志并把它们发送到 Elasticsearch。

我可能犯了什么错误?感谢您的帮助


注意:Elasticsearch 和 Kibana 已经安装在同一台机器上,我可以通过 192.168.241.40:9200 访问它们。

Filebeat 版本:7.12.0

使用 Docker 日志时,需要配置自动发现(autodiscover)。

filebeat.yml

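# =========================== Filebeat autodiscover ============================
# Start a `container` input for every Docker container whose image name
# matches the condition below.
filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            contains:
              # Placeholder: replace with the image-name substring to match.
              # The space after the colon is required; without it the whole
              # line is read as one string and the condition is not a mapping.
              docker.container.image: '<your_label_condition>'
          config:
            - type: container
              # Resolved inside the Filebeat container: the host's
              # /var/lib/docker/containers must be mounted at this same path.
              paths:
                - "/var/lib/docker/containers/${data.docker.container.id}/*.log"
              exclude_lines: ["^\\s+[\\-`('.|_]"]

# Optional: how long Filebeat waits on shutdown for in-flight events.
filebeat.shutdown_timeout: 5s

# ------------------------------- Console Output -------------------------------
# Print events to stdout as pretty-printed JSON, for checking the pipeline
# before pointing Filebeat at a real output.
# NOTE(review): stdout of the Filebeat container is itself written to a Docker
# log file; make sure the condition above does not match Filebeat's own image,
# or its output would be collected again.
output.console:
  enabled: true
  codec.json:
    pretty: true
    escape_html: false

# Turn off the periodic internal metrics log entries.
logging.metrics.enabled: false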
filebeat.yml
#===========================================文件节拍自动发现============================
filebeat.autodiscover:
供应商:
-类型:docker
模板:
-条件:
包含:
docker.container.image:
配置:
-类型:集装箱
路径:
-“/var/lib/docker/containers/${data.docker.container.id}/*.log”
排除_行:[“^\\s+[\\-`('.|"]”]
filebeat.shutdown_超时:5s#可选
#------------------------------------控制台输出-------------------------------
output.console:
已启用:true
codec.json:
真的吗
escape\u html:false
logging.metrics.enabled:false
在把日志发送到 Logstash 之前,我先使用控制台输出来验证一切是否正常。