Following is the docker-compose used.

```yaml
version: '3.5'
services:
  filebeat:
    image: docker.elastic.co/beats/filebeat:6.4.2
    volumes:
      - ${PWD}/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - ${PWD}/test/input:/tmp/input:rw
```
Filebeat configuration in filebeat.yml is

```yaml
filebeat.inputs:
- type: container
  paths:
    - '/var/lib/docker/containers/*/*.log'

processors:
- add_docker_metadata:
    host: "unix:///var/run/docker.sock"
- decode_json_fields:
    fields: ["message"]
    target: "json"
    overwrite_keys: true

output.elasticsearch:
  hosts: ["elasticsearch:9200"]
  indices:
    - index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"

logging.json: true
logging.metrics.enabled: false
```
Upon `docker-compose up`, the container fails to start and the error below is reported.

```
Exiting: error loading config file: config file ("filebeat.yml") must be owned by the user identifier (uid=0) or root
```

What is the catch here? I am running this sample on my laptop running Ubuntu.
error loading config file: config file ("filebeat.yml") must be owned by the user identifier (uid=0) or root
Generally, we start Filebeat as root (to make sure that all files of the system are accessible to it).
You could try to start the filebeat service of your compose as root:

```yaml
version: '3.5'
services:
  filebeat:
    user: root #change here
    image: docker.elastic.co/beats/filebeat:6.4.2
    volumes:
      - ${PWD}/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - ${PWD}/test/input:/tmp/input:rw
```
If that is not enough, you could run the container with the `-strict.perms=false` argument, which disables the permission checks, such as:

```yaml
version: '3.5'
services:
  filebeat:
    user: root #change here
    image: docker.elastic.co/beats/filebeat:6.4.2
    command:
      - "-e"
      - "--strict.perms=false"
    ...
```

PS: the `-e` flag disables syslog/file output and redirects all output to stderr (not related to your point, but generally desirable in a container to read Filebeat logs from the container logs).
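An added example, not part of the original question or answer: a host-side check that mirrors the two conditions the Beats documentation gives for the strict permission check (config owned by root or by the uid running the Beat, and not writable by group or other), so the bind-mounted `filebeat.yml` can be verified before falling back to `--strict.perms=false`. The function names are hypothetical, and `stat -c` assumes GNU coreutils as found on Ubuntu.

```shell
#!/bin/sh
# Added example: pre-flight check for a Beat config file that will be
# bind-mounted into a container. A bind mount keeps the host's numeric
# owner and mode, so the check can be done on the host.

# evaluate_perms OWNER_UID OCTAL_MODE RUN_UID
# Returns 0 if acceptable, 1 if the owner is wrong, 2 if the mode is too open.
evaluate_perms() {
    local owner="$1" mode="$2" run_uid="$3"

    # Condition 1: owner must be root (uid 0) or the uid the Beat runs as.
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$run_uid" ]; then
        echo "FAIL: owner uid=$owner is neither root nor uid=$run_uid"
        return 1
    fi

    # Condition 2: no write bit for group or other (mask 022),
    # i.e. 0644 or stricter. The leading 0 makes the mode octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: mode $mode is writable by group or other"
        return 2
    fi

    echo "OK: owner uid=$owner, mode $mode"
    return 0
}

# check_config FILE RUN_UID
# Reads the numeric owner and octal mode of FILE and evaluates them.
check_config() {
    local file="$1" run_uid="$2"
    evaluate_perms "$(stat -c '%u' "$file")" "$(stat -c '%a' "$file")" "$run_uid"
}

# Stand-alone use: ./check.sh ./filebeat.yml 0
# (second argument is the uid Filebeat runs as in the container; default 0)
if [ "$#" -ge 1 ]; then
    check_config "$1" "${2:-0}"
fi
```

If the check fails, `sudo chown root filebeat.yml` and `chmod go-w filebeat.yml` on the host bring the file in line with both conditions while leaving the strict check enabled.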