Start your 14-day free trial today

No Credit Card Required

Try Free

Already have an account? Sign In

Send data via AWS Elastic Kubernetes Service Logs to your Logstash instance provided by

AWS Elastic Kubernetes Service Logs

Ship AWS EKS Logs to Logstash

Filebeat is an open source shipping agent that lets you ship AWS Elastic Kubernetes Service (EKS) container Logs to one or more destinations, including Logstash.

Step 1 - PrerequisitesCopy

Firstly Make sure you have the aws cli, eksctl & kubectl installed on local machine using the following guide

Also make sure you have setup aws configure with your AWS credentials.

To do this run the following command in your aws terminal.

aws configure

When you type this command, the AWS CLI prompts you for four pieces of information: access key, secret access key, AWS Region, and output format. This information is stored in a profile named default. This profile is used when you run commands, unless you specify another one.

Step 2 - Connecting to the clusterCopy

Update your config by running the following command. Replace <enter_region> and <enter_name> with your AWS cluster region and name.

aws eks --region <enter_region> update-kubeconfig --name <enter_name>

Check you can connect to your cluster by running the following command:

kubectl get svc

Step 3 - Deploy FilebeatCopy

You're going to need the filebeat deployment manifest.

curl -L -O

Now you have the manifest we need to add your Stack Logstash endpoint details.

Open the file in a text editor and around lines 58 you'll see the environment variables that need changing.

  value: ""
- name: BEATS_PORT
  value: "00000"

After updating the code should look as below.

  value: ["your-logstash-host"]
- name: BEATS_PORT
  value: ["your-ssl-port"]

Exit and save the file.

Step 4 - Apply your updatesCopy

Now we're going to apply the file to the cluster.

kubectl apply -f filebeat-kubernetes.yaml
If you need to apply further updates after running the apply command you may need to remove the yaml file, make your changes and then apply again.

Step 5 - Confirm DeploymentCopy

Confirm your pod has deployed, you should see output similar to that below.

kubectl get po -A


kubectl logs ["podname"] --namespace=kube-system

Browse to your Kibana instance and you should see Logs arriving in your Stack.

Step 6 - how to diagnose no data in StackCopy

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.

Toggle View

Expand View

Return to Search

© 2023 Ltd, All rights reserved.