I have filebeat installed on our server where we run applications in container and the expectation is to ship the container logs to the remote logstash server which is configured and connection is tested and it works perfectly.
The problem I think is due to directory access. So below is my filebeat.yml -
- type: container
enabled: true
ignore_older: 48h
recursive_glob.enabled: true
paths:
- /var/lib/docker/containers/**/*.log
fields:
appName: some_api
processors:
- add_docker_metadata:
host: "unix:///var/run/docker.sock
The account by which filebeat is being executed on docker host machine doesn't have access to directory - /var/lib/docker/containers/**/*.log could this be a reason that logs are not being shipped.
If yes then what is the use of input.type container, we could use the input.type log, right?
If no what else could be the reason? I have checked the container using docker inspect command and I am sure the log directory I have mentioned above is correct.
