#filebeat.config: # modules: # path: ${path.config}/modules.d/*.yml # reload.enabled: false filebeat.autodiscover: providers: - type: docker hints.enabled: true hints.default_config: type: container paths: - /var/lib/docker/containers/${data.container.id}/*.log ignore_older: 24h processors: - add_cloud_metadata: ~ - add_locale: format: offset - add_docker_metadata: host: "unix:///var/run/docker.sock" - add_host_metadata: ~ - drop_event: when: equals: container.name: filebeat setup: kibana: host: '${KIBANA_HOSTS:kibana:5601}' ssl: verification_mode: none template: enabled: true name: "filebeat-%{[agent.version]}" pattern: "filebeat-%{[beat.version]}-*" settings: index.number_of_shards: 1 index.number_of_replicas: 0 append_fields: - name: container.name type: keyword - name: kubernetes.container.name type: keyword - name: nginx.geoip type: geo_point dashboards: enabled: false # Internal queue configuration for buffering events to be published. queue: # Queue type by name (default 'mem') # The memory queue will present all available events (up to the outputs # bulk_max_size) to the output, the moment the output is ready to server # another batch of events. mem: # Max number of events the queue can buffer. events: 4096 # Hints the minimum number of events stored in the queue, # before providing a batch of events to the outputs. # The default value is set to 2048. # A value of 0 ensures events are immediately available # to be sent to the outputs. flush.min_events: 0 # Maximum duration after which events are available to the outputs, # if the number of events stored in the queue is < `flush.min_events`. flush.timeout: 0s output.elasticsearch: hosts: '[${ELASTICSEARCH_HOSTS:elasticsearch:9200}]' username: '${ELASTICSEARCH_USERNAME:}' password: '${ELASTICSEARCH_PASSWORD:}' ssl: verification_mode: none indices: #- index: "filebeat-%{[agent.version]}-%{[container.name]:common}-%{+yyyy.MM.dd}" - index: "filebeat-%{[agent.version]}-%{[container.name]:common}" #logging.json: true #logging.metrics.enabled: false