elasticsearch Filebeat:如何从kube系统命名空间中排除日志,elasticsearch,filebeat,elasticsearch,Filebeat" /> elasticsearch Filebeat:如何从kube系统命名空间中排除日志,elasticsearch,filebeat,elasticsearch,Filebeat" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch Filebeat:如何从kube系统命名空间中排除日志

elasticsearch Filebeat:如何从kube系统命名空间中排除日志

elasticsearch Filebeat:如何从kube系统命名空间中排除日志,elasticsearch,filebeat,elasticsearch,Filebeat,我尝试了这里提到的所有可能的解决方案,并发现了StackOverflow。但无法从kube系统名称空间中排除日志。基本上,我从所有名称空间获取日志 data: filebeat.yml: |- filebeat.inputs: - type: container paths: - /var/log/containers/*.log processors: - add_kubernetes_metadata:

我尝试了这里提到的所有可能的解决方案,并发现了StackOverflow。但无法从kube系统名称空间中排除日志。基本上,我从所有名称空间获取日志

data:
  filebeat.yml: |-
    filebeat.inputs:
    - type: container
      paths:
        - /var/log/containers/*.log
      processors:
        - add_kubernetes_metadata:
            host: ${NODE_NAME}
            matchers:
            - logs_path:
                logs_path: "/var/log/containers/"
        - drop_event.when:
            or:
            - equals:
                kubernetes.namespace: "kube-system"
            - equals:
                kubernetes.namespace: "monitoring"

    setup.ilm.enabled: false
    output.elasticsearch:
      hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
      username: ${ELASTICSEARCH_USERNAME}
      password: ${ELASTICSEARCH_PASSWORD}
甚至试过这个

filebeat.autodiscover:
 providers:
   - type: kubernetes
     node: ${NODE_NAME}
     hints.enabled: true
     hints.default_config:
       type: container
       paths:
         - /var/log/containers/*${data.kubernetes.container.id}.log
processors:
  - drop_event.when:
        or:
        - equals:
            kubernetes.namespace: kube-system
        - equals:
            kubernetes.namespace: monitoring
但一切都不起作用