This is really part of a much longer story about how I set up infrastructure in my pseudo home-lab, involving a neat piece of kit running VMWare ESXi with a VM dedicated as a DNS server and the whole works.
For some reason, I’ve had to pull my hair out trying to get Filebeat to send anything to Elastic. Nothing was showing up in Kibana, and being new to pretty much everything I’m playing with, I didn’t have the finesse to troll through the log and find the point of failure.
What I discovered after running
docker info (and this is why I single out Moby above) is that the log driver Docker is using is not
json-file as the docs indicate is the default, but rather
syslog. This means that all of the
*-json.log files that Filebeat expects to see and pick up simply don’t exist.
I will change this and test in a moment, but nothing shows up from a quick Google search indicating that Moby is special here. Odd.