VictoriaMetrics/deployment/docker/victorialogs/filebeat-docker
2024-05-12 23:22:50 +02:00
..
docker-compose.yml deployment: update VictoriaLogs Docker image from v0.5.2-victorialogs to v0.6.0-victorialogs 2024-05-12 23:22:50 +02:00
filebeat.yml Add docker compose examples: filebeat(docker, syslog), fluentbit(docker), logstash, vector(docker) 2023-06-21 03:59:31 -07:00
README.md Revert "deployment/docs: use lower-case links to VictoriaLogs docs" 2024-03-17 23:13:23 +02:00
scrape.yml Add docker compose examples: filebeat(docker, syslog), fluentbit(docker), logstash, vector(docker) 2023-06-21 03:59:31 -07:00

Docker compose Filebeat integration with VictoriaLogs for docker

The folder contains the example of integration of filebeat with Victorialogs

To spin-up environment run the following command:

docker compose up -d 

To shut down the docker-compose environment run the following command:

docker compose down
docker compose rm -f

The docker compose file contains the following components:

  • filebeat - fileabeat is configured to collect logs from the docker, you can find configuration in the filebeat.yml. It writes data in VictoriaLogs
  • filebeat-exporter - it export metrics about the filebeat
  • VictoriaLogs - the log database, it accepts the data from filebeat by elastic protocol
  • VictoriaMetrics - collects metrics from filebeat via filebeat-exporter, VictoriaLogs and VictoriaMetrics
  • grafana - it comes with two predefined dashboards for VictoriaLogs and VictoriaMetrics

Querying the data

  • vmui - a web UI is accessible by http://localhost:9428/select/vmui
  • for querying the data via command-line please check these docs

the example of filebeat configuration(filebeat.yml)

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true

processors:
  - add_docker_metadata: ~

output.elasticsearch:
  hosts: [ "http://victorialogs:9428/insert/elasticsearch/" ]
  worker: 5
  parameters:
    _msg_field: "message"
    _time_field: "@timestamp"
    _stream_fields: "container.name"

http:
  enabled: true
  host: 0.0.0.0
  port: 5066

Please, note that _stream_fields parameter must follow recommended best practices to achieve better performance.