Fix changelog and add documentation for containers.paths (#10864)

elastic · Feb 26, 2019 · 93e3b59 · 93e3b59
1 parent 5ef730f
commit 93e3b59
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -273,7 +273,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...v7.0.0-beta1[Check the
 - Added support for ingesting structured Elasticsearch server logs {pull}10428[10428]
 - Populate more ECS fields in the Suricata module. {pull}10006[10006]
 - Add module zeek. {issue}9931[9931] {pull}10034[10034]
-- Add support for CRI-O based logs autodiscover {pull}10687[10687]
 
 *Heartbeat*
 

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -249,6 +249,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Populate more ECS fields in the Suricata module. {pull}10006[10006]
 - Add ISO8601 timestamp support in syslog metricset. {issue}8716[8716] {pull}10736[10736]
 - Add more info to message logged when a duplicated symlink file is found {pull}10845[10845]
+- Add option to configure docker input with paths {pull}10687[10687]
 - Add Netflow module to enrich flow events with geoip data. {pull}10877[10877]
 - Set `event.category: network_traffic` for Suricata. {pull}10882[10882]
 - Add configuration knob for auto-discover hints to control whether log harvesting is enabled for the pod/container. {issue}10811[10811] {pull}10911[10911]

diff --git a/filebeat/docs/inputs/input-docker.asciidoc b/filebeat/docs/inputs/input-docker.asciidoc
@@ -42,6 +42,24 @@ The list of Docker container IDs to read logs from. Specify
 The base path where Docker logs are located. The default
 is `/var/lib/docker/containers`.
 
+===== `containers.paths`
+
+The list of paths to read logs from. This can be used as an alternative to
+`containers.ids` for other runtimes that use the same logging format as docker
+but place their logs in different paths. For example when using CRI-O runtime in
+Kubernetes the following configuration can be used:
+
+["source","yaml",subs="attributes"]
+----
+{beatname_lc}.inputs:
+- type: docker
+  containers.paths:
+    - /var/log/pods/${data.kubernetes.pod.uid}/${data.kubernetes.container.name}/*.log
+----
+
+When `containers.paths` is used, `containers.path` is ignored.
+
+
 ===== `containers.stream`
 
 Reads from the specified streams only: `all`, `stdout` or `stderr`. The default