container/docker-filebeat
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

migrate nginx filter from docker configuration to kubernetes one

Browse Source
This commit is contained in:
RouxAntoine 2023-02-19 20:49:47 +01:00
parent 0b737c278f
commit 96c3b6ed9a
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
3 changed files with 28 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -12,7 +12,7 @@ VERBOSITY=debug
## build ## build
build: build:
docker manifest rm docker.registry:5000/filebeat:latest docker manifest rm docker.registry:5000/filebeat:latest || true
docker-multi-arch-builder build -n filebeat --platforms $(PLATFORM) -v $(VERBOSITY) docker-multi-arch-builder build -n filebeat --platforms $(PLATFORM) -v $(VERBOSITY)
## management ## management

25
filebeat-docker.yml
View File

@ -20,31 +20,6 @@ processors:
- add_docker_metadata: - add_docker_metadata:
host: "unix:///var/run/docker.sock" host: "unix:///var/run/docker.sock"
- add_host_metadata: ~ - add_host_metadata: ~
- dissect:
tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_real_ip} %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} "%{nginx.geoip_asn_name}" %{nginx.geoip_asn_number|integer} location:"%{nginx.geoip.lat|double}" "%{nginx.geoip.lon|double}" req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
trim_values: all
target_prefix: ""
field: "message"
when:
equals:
container.name: nginxfront
- dissect:
tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", host: "%{php.host}"'
target_prefix: ""
field: "message"
when:
equals:
container.name: nginxfront
- timestamp:
field: nginx.time
target_field: nginx.time
layouts:
- '02/Jan/2006:15:04:05 -0700'
test:
- '27/May/2022:21:41:02 +0000'
when:
equals:
container.name: nginxfront
- drop_event: - drop_event:
when: when:
equals: equals:

27
filebeat-kubernetes.yml
View File

@ -47,6 +47,31 @@ processors:
to: "container.name" to: "container.name"
ignore_missing: true ignore_missing: true
fail_on_error: false fail_on_error: false
- dissect:
tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_real_ip} %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} "%{nginx.geoip_asn_name}" %{nginx.geoip_asn_number|integer} location:"%{nginx.geoip.lat|double}" "%{nginx.geoip.lon|double}" req_header:"%{nginx.header.req}" resp_header:"%{nginx.header.resp}"'
trim_values: all
target_prefix: ""
field: "message"
when:
equals:
container.name: nginxfront
- dissect:
tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", host: "%{php.host}"'
target_prefix: ""
field: "message"
when:
equals:
container.name: nginxfront
- timestamp:
field: nginx.time
target_field: nginx.time
layouts:
- '02/Jan/2006:15:04:05 -0700'
test:
- '27/May/2022:21:41:02 +0000'
when:
equals:
container.name: nginxfront
- drop_event: - drop_event:
when: when:
equals: equals:
@ -69,6 +94,8 @@ setup:
type: keyword type: keyword
- name: kubernetes.container.name - name: kubernetes.container.name
type: keyword type: keyword
- name: nginx.geoip
type: geo_point
dashboards: dashboards:
enabled: false enabled: false