Version: Spectra Detect 5.5.1

Customizing logging

Spectra Detect Manager, Worker, and Hub pods, by default come with a filebeat sidecar. The sidecar uses console output to export logs in JSON format to stdout.

Disabling filebeat sidecar

Disable the filebeat sidecar by changing filebeat.enable value to false:

helm install <...> \
  --set 'filebeat.enable=false'

Configuring filebeat output

Setting the filebeat.output value allows you to override the filebeat output configuration:

helm install <...> \
  --set-json 'filebeat.output={"console": {"enabled": false}, "elasticsearch": {"hosts": ["10.45.3.2:9220", "10.45.3.1:9230"], "protocol": "https"}}'

As a result, this configuration will be appended to the filebeat configuration:

output.console:
  enabled: false
  pretty: true

output.elasticsearch:
  hosts:
  - 10.45.3.2:9220
  - 10.45.3.1:9230
  protocol: https

Custom filebeat configuration

A custom filebeat configuration file can be specified as the filebeat.config value:

helm install <...> \
  --set-file 'filebeat.config=filebeat.yml'

Changing filebeat image or version

Change the filebeat image or version by setting the filebeat.image and filebeat.tag values:

helm install <...> \
  --set 'filebeat.image=docker.elastic.co/beats/filebeat' --set 'filebeat.tag=8.12.0'

Disabling filebeat sidecar​

Configuring filebeat output​

Custom filebeat configuration​

Changing filebeat image or version​

Disabling filebeat sidecar

Configuring filebeat output

Custom filebeat configuration

Changing filebeat image or version