From e40c2f10cd2e04c32218b1a42a555b6a9c33e194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20P=C3=A9rez-Aradros=20Herce?= Date: Tue, 23 Jul 2019 12:54:52 +0200 Subject: [PATCH 1/2] Report host metadata for Kubernetes logs (#12790) * Report host metadata for Kubernetes logs Filebeat was not reporting host metadata in the default Kubernetes manifest, this change gives Filebeat access to the hostNetwork to retrieve localhost metadata. `add_host_metadata` is added to gather it. (cherry picked from commit fe18c0c2c437ebe9488f6118f14c85f53fe97569) --- CHANGELOG.next.asciidoc | 3 +++ deploy/kubernetes/filebeat-kubernetes.yaml | 3 +++ deploy/kubernetes/filebeat/filebeat-configmap.yaml | 1 + deploy/kubernetes/filebeat/filebeat-daemonset.yaml | 2 ++ 4 files changed, 9 insertions(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 8cd1bbec01a..b359cd154be 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -231,6 +231,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add `google-pubsub` input type for consuming messages from a Google Cloud Pub/Sub topic subscription. {pull}12746[12746] - Add module for ingesting Cisco IOS logs over syslog. {pull}12748[12748] - Add module for ingesting Google Cloud VPC flow logs. {pull}12747[12747] +- Report host metadata for Filebeat logs in Kubernetes. {pull}12790[12790] +- Add netflow dashboards based on Logstash netflow. {pull}12857[12857] +- Parse more fields from Elasticsearch slowlogs. {pull}11939[11939] *Heartbeat* diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index c78b23f7786..e383ce79c28 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -33,6 +33,7 @@ data: processors: - add_cloud_metadata: + - add_host_metadata: cloud.id: ${ELASTIC_CLOUD_ID} cloud.auth: ${ELASTIC_CLOUD_AUTH} @@ -57,6 +58,8 @@ spec: spec: serviceAccountName: filebeat terminationGracePeriodSeconds: 30 + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet containers: - name: filebeat image: docker.elastic.co/beats/filebeat:7.3.0 diff --git a/deploy/kubernetes/filebeat/filebeat-configmap.yaml b/deploy/kubernetes/filebeat/filebeat-configmap.yaml index e37a759e60e..898c24d5a84 100644 --- a/deploy/kubernetes/filebeat/filebeat-configmap.yaml +++ b/deploy/kubernetes/filebeat/filebeat-configmap.yaml @@ -33,6 +33,7 @@ data: processors: - add_cloud_metadata: + - add_host_metadata: cloud.id: ${ELASTIC_CLOUD_ID} cloud.auth: ${ELASTIC_CLOUD_AUTH} diff --git a/deploy/kubernetes/filebeat/filebeat-daemonset.yaml b/deploy/kubernetes/filebeat/filebeat-daemonset.yaml index 98fd31b73d4..9979a9fa5da 100644 --- a/deploy/kubernetes/filebeat/filebeat-daemonset.yaml +++ b/deploy/kubernetes/filebeat/filebeat-daemonset.yaml @@ -13,6 +13,8 @@ spec: spec: serviceAccountName: filebeat terminationGracePeriodSeconds: 30 + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet containers: - name: filebeat image: docker.elastic.co/beats/filebeat:%VERSION% From 6f05dbe2479eca6dfdce1a3d4f2eeceabddd2d6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20P=C3=A9rez-Aradros=20Herce?= Date: Tue, 23 Jul 2019 13:00:18 +0200 Subject: [PATCH 2/2] Update CHANGELOG.next.asciidoc --- CHANGELOG.next.asciidoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b359cd154be..e6057791853 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -232,8 +232,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add module for ingesting Cisco IOS logs over syslog. {pull}12748[12748] - Add module for ingesting Google Cloud VPC flow logs. {pull}12747[12747] - Report host metadata for Filebeat logs in Kubernetes. {pull}12790[12790] -- Add netflow dashboards based on Logstash netflow. {pull}12857[12857] -- Parse more fields from Elasticsearch slowlogs. {pull}11939[11939] *Heartbeat*