This functionality is in beta and is subject to change. The design and code are considered to be less mature than official GA features. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features.
The add_docker_metadata processor annotates each event with relevant metadata from Docker containers:
- Container ID
```yaml
processors:
- add_docker_metadata:
    host: "unix:///var/run/docker.sock"
    match_fields: ["system.process.cgroup.id"]
    match_source: true
    match_source_index: 4
    # To connect to Docker over TLS you must specify a client and CA certificate.
    #ssl:
    #  certificate_authority: "/etc/pki/root/ca.pem"
    #  certificate: "/etc/pki/client/cert.pem"
    #  key: "/etc/pki/client/cert.key"
```
It has the following settings:
- host: (Optional) Docker socket (UNIX or TCP socket). It uses
- match_fields: (Optional) A list of fields to match a container ID. At least one of them must hold a container ID for the event to be enriched.
- match_source: (Optional) Match the container ID from a log path present in the source field. Enabled by default.
- match_source_index: (Optional) Index in the source path, split by /, at which to look for the container ID. It defaults to 4 to match
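
The following is an added example, not code from Beats, showing how a match_source_index value selects a path segment and why a relocated Docker data directory needs a different index. The helper name, the zero-based counting after empty segments are dropped, the 64-character hex check and the sample paths are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// containerIDRe matches a full 64-character hexadecimal Docker container ID.
var containerIDRe = regexp.MustCompile(`^[0-9a-f]{64}$`)

// ContainerIDFromSource is a hypothetical helper (not a Beats API). It splits
// a log path on "/", drops empty segments (an assumption of this sketch), and
// returns the segment at the zero-based index if it looks like a container ID.
func ContainerIDFromSource(source string, index int) (string, error) {
	var parts []string
	for _, p := range strings.Split(source, "/") {
		if p != "" {
			parts = append(parts, p)
		}
	}
	if index < 0 || index >= len(parts) {
		return "", fmt.Errorf("index %d out of range for %d path segments", index, len(parts))
	}
	if !containerIDRe.MatchString(parts[index]) {
		return "", fmt.Errorf("segment %q at index %d is not a container ID", parts[index], index)
	}
	return parts[index], nil
}

func main() {
	id := strings.Repeat("ab12", 16) // constructed 64-hex container ID
	cases := []struct {
		source string
		index  int
	}{
		{"/var/lib/docker/containers/" + id + "/" + id + "-json.log", 4}, // constructed path
		{"/data/docker/containers/" + id + "/" + id + "-json.log", 4},    // relocated data dir, wrong index
		{"/data/docker/containers/" + id + "/" + id + "-json.log", 3},    // relocated data dir, adjusted index
		{"/var/log/syslog", 4},                                           // not a container log
	}
	for _, c := range cases {
		got, err := ContainerIDFromSource(c.source, c.index)
		fmt.Printf("index=%d %s -> id=%q err=%v\n", c.index, c.source, got, err)
	}
}
```

Running the same check against a sample of real source paths before deployment shows whether the configured index lands on the container ID; events whose path does not yield one are not enriched through match_source.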