Closed
Description
Hello,
We intend to define a custom processor for the kubernetes.container_logs stream through the Helm chart's upper-level values. Although the YAML syntax is correctly interpreted within the kibana.yml configuration file inside the Kibana container, the Kubernetes integration is not being created automatically as expected.
eck-operator: 3.0.0
eck-stack: 0.15.0
ES version: 9.0.0
Trial license activated
Integration managed by fleet: kubernetes
Here is a piece of the YAML definition:
- data_output_id: es-extern-endpoint
  id: eck-external-agent-policy
  monitoring_enabled:
    - logs
    - metrics
  monitoring_output_id: es-extern-endpoint
  name: Elastic Agent on ECK policy - external
  namespace: extern
  unenroll_timeout: 900
  package_policies:
    - id: kubernetes-4
      name: kubernetes-4
      package:
        name: kubernetes
      inputs:
        container-logs-filestream:
          enabled: true
          streams:
            '[kubernetes.container_logs]':
              enabled: true
              vars:
                period: *customPeriod
                processors: |
                  - drop_event:
                      when:
                        or:
                          - contains:
                              message:
                                value: "DBG"
                                ignore_case: true
                          - contains:
                              message:
                                value: "TRACE"
                                ignore_case: true
                          - contains:
                              message:
                                value: "VERBOSE"
                                ignore_case: true
                          - regexp:
                              log.level: "(?i)^(debug|trace|verbose|dbg)$"
                          - regexp:
                              message: "(?i)level=(debug|trace|verbose|dbg)"
We are already using a similar definition for other input types (e.g. kube-proxy-kubernetes/metrics), where the integration is automatically created during the Helm chart installation.
I would appreciate any help.
Thanks in advance!