K
Q

Template fields mappings for nginx module with filebeat on kubernetes are not correctly loaded

1/16/2020

I'm deploying filebeat in kubernetes using the k8s manifests from here: https://raw.githubusercontent.com/elastic/beats/7.5/deploy/kubernetes/filebeat-kubernetes.yaml

The filebeat template is loaded into elasticsearch, but the mappings for nginx module are incomplete:

"nginx" : {
  "properties" : {
    "access" : {
      "properties" : {
        "geoip" : {
          "type" : "object"
        },
        "user_agent" : {
          "type" : "object"
        }
      }
    },
    "error" : {
      "properties" : {
        "connection_id" : {
          "type" : "long"
        }
      }
    }
  }
},

Most of the nginx properties defined in the fields.yaml are aliases and none of the properties defined as an alias are getting their way into the filebeat template.

Is there something I'm missing as part of the filebeat configuration ?

I also tried with my custom fields.yaml where I replaced the aliases with their concrete definition and the elasticsearh loaded mapping looks good.

-- Laurentiu Soica
elasticsearch
filebeat
kubernetes

Similar Questions

kubernetes; helm of jenkins - pod fails when changing User id to 1000
Can't access Service via Kubernetes Service with specified endpoints
How can I see executor logs in Livy running in kubernetes
Use values from values.yaml inside named template in Helm v2/v3

1 Answer

1/25/2020

I ended up mounting my own fields.yml as a ConfigMap on the filebeat DaemonSet and replacing the alias fields with their concrete definition.

-- Laurentiu Soica
Source: StackOverflow