diff --git a/filebeat/examples/6.x/values.yaml b/filebeat/examples/6.x/values.yaml
index 96987de4d..92711df9b 100644
--- a/filebeat/examples/6.x/values.yaml
+++ b/filebeat/examples/6.x/values.yaml
@@ -3,3 +3,16 @@ imageTag: 6.8.8
 extraEnvs:
   - name: ELASTICSEARCH_HOSTS
     value: six-master:9200
+
+filebeatConfig:
+  filebeat.yml: |
+    filebeat.inputs:
+    - type: docker
+      containers.ids:
+        - '*'
+      processors:
+      - add_kubernetes_metadata:
+          in_cluster: true
+    output.elasticsearch:
+      host: '${NODE_NAME}'
+      hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
diff --git a/filebeat/examples/security/values.yaml b/filebeat/examples/security/values.yaml
index bedb79643..606961fa8 100644
--- a/filebeat/examples/security/values.yaml
+++ b/filebeat/examples/security/values.yaml
@@ -1,12 +1,15 @@
 filebeatConfig:
   filebeat.yml: |
     filebeat.inputs:
-    - type: docker
-      containers.ids:
-      - '*'
+    - type: container
+      paths:
+        - /var/log/containers/*.log
       processors:
-      - add_kubernetes_metadata:
-          in_cluster: true
+      - add_kubernetes_metadata: 
+          host: ${NODE_NAME}
+          matchers:
+          - logs_path:
+              logs_path: "/var/log/containers/"
 
     output.elasticsearch:
       username: '${ELASTICSEARCH_USERNAME}'
diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml
index 5c0063f67..dbd446748 100644
--- a/filebeat/templates/daemonset.yaml
+++ b/filebeat/templates/daemonset.yaml
@@ -75,6 +75,9 @@ spec:
       - name: varlibdockercontainers
         hostPath:
           path: /var/lib/docker/containers
+      - name: varlog
+        hostPath:
+          path: /var/log
       - name: varrundockersock
         hostPath:
           path: /var/run/docker.sock
@@ -152,6 +155,9 @@ spec:
         - name: varlibdockercontainers
           mountPath: /var/lib/docker/containers
           readOnly: true
+        - name: varlog
+          mountPath: /var/log
+          readOnly: true
         # Necessary when using autodiscovery; avoid mounting it otherwise
         # See: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-autodiscover.html
         - name: varrundockersock
diff --git a/filebeat/values.yaml b/filebeat/values.yaml
index 6405b2c9c..bb68abaf1 100755
--- a/filebeat/values.yaml
+++ b/filebeat/values.yaml
@@ -4,11 +4,15 @@
 filebeatConfig:
   filebeat.yml: |
     filebeat.inputs:
-    - type: docker
-      containers.ids:
-      - '*'
+    - type: container
+      paths:
+        - /var/log/containers/*.log
       processors:
-      - add_kubernetes_metadata: ~
+      - add_kubernetes_metadata: 
+          host: ${NODE_NAME}
+          matchers:
+          - logs_path:
+              logs_path: "/var/log/containers/"
 
     output.elasticsearch:
       host: '${NODE_NAME}'