    How to run Filebeat on Kubernetes?

    You can use Filebeat Docker images on Kubernetes to retrieve and ship container logs. You deploy Filebeat as a DaemonSet to ensure there’s a running instance on each node of the cluster. Filebeat DaemonSet deployed in Kube-system namespace by default. you can change the namespace by modifying the manifest files. 

    To Download Manifest file:

    curl -L -O https://raw.githubusercontent.com/elastic/beats/6.6/deploy/kubernetes/filebeat-kubernetes.yaml

    Change the default configuration for Elasticsearch in the manifest file if your Elasticsearch is not running on the default ports and localhost.


      value: elasticsearch.example.com  --> host fqdn or ip


      value: "9200"
     Now we'll deploy the Filebeat in Kubernetes :

     To deploy Filebeat to Kubernetes, run:
    kubectl create -f filebeat-kubernetes.yaml

    To check the status, run:

     $ kubectl --namespace=kube-system get ds/filebeat

    filebeat   12        12        0         12           0           <none>          21d

