How to crawl nginx container logs via filebeat?
I think you are over-complicating the problem at hand. Filebeat already has a lot of configurable options, you don't need to reinvent stuff like this.
I suggest you just use the add_docker_metadata processor. This will attach useful information like image & container name for each log produced by the container, which could then be checked by the drop processor, and you could make the conditions here such that you accept logs from a specific container only.
    processors:
      - add_docker_metadata:
      - drop_event:
          when:
            not:
              regexp:
                docker.container.name: "^nginx"
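An added example, not part of the original answer and not Filebeat's own code: a small Python model of the drop_event condition above, run over constructed events, to show which container names pass the "^nginx" filter. It assumes that a missing docker.container.name makes the regexp condition false, so the surrounding "not" drops the event; the helper names are hypothetical.

```python
import re

# The condition from the answer: drop when docker.container.name does NOT match ^nginx.
KEEP_PATTERN = re.compile(r"^nginx")


def get_field(event, dotted_key):
    """Resolve a dotted key such as 'docker.container.name' in a nested dict."""
    node = event
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def is_dropped(event, pattern=KEEP_PATTERN):
    """Model of drop_event with when.not.regexp on docker.container.name.

    Assumption: a missing field makes the regexp condition false, so the
    surrounding 'not' is true and the event is dropped.
    """
    name = get_field(event, "docker.container.name")
    matches = isinstance(name, str) and pattern.search(name) is not None
    return not matches


def shipped(events, pattern=KEEP_PATTERN):
    """Return the messages of the events that survive the filter."""
    return [e["message"] for e in events if not is_dropped(e, pattern)]


# Constructed sample events (not real Filebeat output).
SAMPLE_EVENTS = [
    {"message": "GET / 200", "docker": {"container": {"name": "nginx"}}},
    {"message": "GET /api 502", "docker": {"container": {"name": "nginx-edge-1"}}},
    {"message": "scrape ok", "docker": {"container": {"name": "nginx_exporter"}}},
    {"message": "db ready", "docker": {"container": {"name": "postgres"}}},
    {"message": "no metadata attached"},  # e.g. metadata lookup failed
    {"message": "GET /health 200", "docker": {"container": {"name": "my-nginx"}}},
]

if __name__ == "__main__":
    for msg in shipped(SAMPLE_EVENTS):
        print("kept:", msg)
```

Any container whose name merely starts with nginx (here nginx_exporter) is kept, while events that carry no Docker metadata are dropped, which is worth checking if these logs feed alerting.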