feat(ext/filebeat): ingest ES logs via elasticsearch module

Ensures that Elasticsearch log entries are processed through dedicated ingestion pipelines, so that their fields can be automatically extracted.
2024-02-14 20:46:37 +01:00 · 2024-02-14 20:46:37 +01:00 · 5da1badcf9
parent e3a9d60c05
commit 5da1badcf9
2 changed files with 12 additions and 0 deletions
--- a/extensions/filebeat/config/filebeat.yml
+++ b/extensions/filebeat/config/filebeat.yml
@ -19,6 +19,17 @@ filebeat.autodiscover:
        type: container
        paths:
          - /var/lib/docker/containers/${data.container.id}/*-json.log
+      templates:
+        - condition:
+            contains:
+              docker.container.image: elasticsearch
+          config:
+            - module: elasticsearch
+              server:
+                input:
+                  type: container
+                  paths:
+                    - /var/lib/docker/containers/${data.container.id}/*-json.log

 processors:
  - add_cloud_metadata: ~
--- a/setup/roles/filebeat_writer.json
+++ b/setup/roles/filebeat_writer.json
@ -2,6 +2,7 @@
  "cluster": [
    "manage_ilm",
    "manage_index_templates",
+    "manage_ingest_pipelines",
    "monitor",
    "read_pipeline"
  ],