- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Deployment models
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents (advanced users)
- Install Elastic Agents in a containerized environment
- Run Elastic Agent in a container
- Run Elastic Agent on Kubernetes managed by Fleet
- Advanced Elastic Agent configuration managed by Fleet
- Run Elastic Agent on GKE managed by Fleet
- Run Elastic Agent on Amazon EKS managed by Fleet
- Run Elastic Agent on Azure AKS managed by Fleet
- Run Elastic Agent Standalone on Kubernetes
- Scaling Elastic Agent on Kubernetes
- Using a custom ingest pipeline with the Kubernetes Integration
- Environment variables
- Installation layout
- Air-gapped environments
- Using a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Configure standalone Elastic Agents
- Create a standalone Elastic Agent policy
- Structure of a config file
- Inputs
- Providers
- Outputs
- SSL/TLS
- Logging
- Feature flags
- Agent download
- Config file examples
- Grant standalone Elastic Agents access to Elasticsearch
- Example: Use standalone Elastic Agent to monitor nginx
- Debug standalone Elastic Agents
- Kubernetes autodiscovery with Elastic Agent
- Monitoring
- Reference YAML
- Manage integrations
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Docker Provider
editDocker Provider
editProvides inventory information from Docker. The available dynamic variables are:
Key | Type | Description |
---|---|---|
|
|
ID of the container |
|
|
Name of the container |
|
|
Image of the container |
|
|
Labels of the container |
To set the container ID dynamically in the configuration, use a variable in the Elastic Agent policy to return container ID information from the provider:
inputs: - id: 'docker-container-logs-${docker.container.id}' type: filestream paths: - '/var/lib/docker/containers/${docker.container.id}/*-json.log'
Sample of the policy generated by this configuration will look like:
inputs: - id: docker-container-logs-b9b898d9c2a1126384d38e9f857b3985480cd05c8e74ffc8b628d92245f5a103 streams: paths: - /var/lib/docker/containers/b9b898d9c2a1126384d38e9f857b3985480cd05c8e74ffc8b628d92245f5a103/*-json.log processors: - add_fields: fields: id: b9b898d9c2a1126384d38e9f857b3985480cd05c8e74ffc8b628d92245f5a103 image: image-name:latest labels: key: value name: container-name target: container - id: docker-container-596bbd114498253985e6a5c4f0f7bf2d9eb8fcd4fe3e6cb53bdfba0cdc7036c8 type: filestream streams: paths: - /var/lib/docker/containers/596bbd114498253985e6a5c4f0f7bf2d9eb8fcd4fe3e6cb53bdfba0cdc7036c8/*-json.log processors: - add_fields: fields: id: 596bbd114498253985e6a5c4f0f7bf2d9eb8fcd4fe3e6cb53bdfba0cdc7036c8 image: other-image-name:latest labels: key: value name: other-container-name target: container
Docker provider ensures that each docker container event is enriched with the container’s metadata, and hence the inputs will be populated with the
add_fields
processor which will be responsible for adding the proper container’s metadata.