#filebeat.config: # modules: # path: ${path.config}/modules.d/*.yml # reload.enabled: false filebeat.autodiscover: providers: - type: docker hints.enabled: true hints.default_config: type: container paths: - /var/lib/docker/containers/${data.container.id}/*.log ignore_older: 24h processors: - add_cloud_metadata: ~ - add_locale: format: offset - add_docker_metadata: host: "unix:///var/run/docker.sock" - add_host_metadata: ~ - dissect: tokenizer: '%{nginx.remote_addr} - %{nginx.remote_user} [%{nginx.time}] %{nginx.host} "%{nginx.request}" %{nginx.status|integer} %{nginx.http_referer} "%{nginx.http_user_agent}" %{nginx.http_x_forwarded_for} %{nginx.request_id} "%{nginx.geoip_country_name}" %{nginx.geoip_country_code} %{nginx.geoip.lat|double} %{nginx.geoip.lon|double}' target_prefix: "" field: "message" when: equals: container.name: nginxfront - dissect: tokenizer: '%{php.time} [%{php.status}] %{php.info}: %{php.message}, client: %{php.client}, server: %{php.server}, request: "%{php.request}", upstream: "%{php.upstream}", host: "%{php.host}"' target_prefix: "" field: "message" when: equals: container.name: nginxfront - timestamp: field: nginx.time target_field: nginx.time layouts: - '02/Jan/2006:15:04:05 -0700' test: - '27/May/2022:21:41:02 +0000' when: equals: container.name: nginxfront - drop_event: when: equals: container.name: filebeat setup: kibana: host: '${KIBANA_HOSTS:kibana:5601}' ssl: verification_mode: none template: enabled: true name: "filebeat-%{[agent.version]}" pattern: "filebeat-%{[beat.version]}-*" settings: index.number_of_shards: 1 index.number_of_replicas: 0 append_fields: - name: container.name type: keyword - name: kubernetes.container.name type: keyword - name: nginx.geoip type: geo_point dashboards: enabled: false output.elasticsearch: hosts: '[${ELASTICSEARCH_HOSTS:elasticsearch:9200}]' username: '${ELASTICSEARCH_USERNAME:}' password: '${ELASTICSEARCH_PASSWORD:}' ssl: verification_mode: none indices: #- index: "filebeat-%{[agent.version]}-%{[container.name]:common}-%{+yyyy.MM.dd}" - index: "filebeat-%{[agent.version]}-%{[container.name]:common}" #logging.json: true #logging.metrics.enabled: false