diff options
Diffstat (limited to 'vendor/elastic_stack/values.yaml')
-rw-r--r-- | vendor/elastic_stack/values.yaml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/vendor/elastic_stack/values.yaml b/vendor/elastic_stack/values.yaml index a6c9fdd39a4..65e9c4b683f 100644 --- a/vendor/elastic_stack/values.yaml +++ b/vendor/elastic_stack/values.yaml @@ -11,6 +11,14 @@ elasticsearch: filebeat: enabled: true + extraVolumes: + - name: varlog + hostPath: + path: /var/log + extraVolumeMounts: + - name: varlog + mountPath: /var/log + readOnly: true filebeatConfig: filebeat.yml: | output.file.enabled: false @@ -22,6 +30,28 @@ filebeat: index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}" filebeat.inputs: - type: container + format: cri + paths: + - '/var/log/containers/*.log' + json.keys_under_root: true + json.ignore_decoding_error: true + processors: + - add_id: + target_field: tie_breaker_id + - add_cloud_metadata: ~ + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + - decode_json_fields: + fields: ["message"] + when: + equals: + kubernetes.container.namespace: "gitlab-managed-apps" + kubernetes.container.name: "modsecurity-log" + - type: container + format: docker paths: - '/var/lib/docker/containers/*/*.log' json.keys_under_root: true |