Since the 8.16 Filebeat's Journald input requires the journalctl binary to ingest logs, this binary needs to be added to our Docker images.
For the Jouranld input to work properly the shipped journalctl needs to be at the same version or newer than the Journald that generated the journal files being ingested.
The easiest way to add the journalctl is to install the systemd package using the base image package manager:
# For Wolfi images
apk update
apk add systemd
# For ubi images
microdnf -y update
microdnf -y install systemd
The wolfi images ship the latest version of Systemd (systemd 257 (257.5)), which is great, our Filebeat ubi ships with an older version systemd 252 (252-46.el9_5.3).
To get the latest journalctl in the ubi docker images, the best option is probably to compile journalctl/systemd ourselves during our build process.
One option ship a 'fix' quicker is to install the systemd from the package manager, then iterate on compiling/shipping a newer versions for the images that require it, like ubi.
Acceptance criteria
Related issues
Since the 8.16 Filebeat's Journald input requires the
journalctlbinary to ingest logs, this binary needs to be added to our Docker images.For the Jouranld input to work properly the shipped
journalctlneeds to be at the same version or newer than the Journald that generated the journal files being ingested.The easiest way to add the
journalctlis to install thesystemdpackage using the base image package manager:The wolfi images ship the latest version of Systemd (
systemd 257 (257.5)), which is great, our Filebeat ubi ships with an older versionsystemd 252 (252-46.el9_5.3).To get the latest
journalctlin the ubi docker images, the best option is probably to compilejournalctl/systemd ourselves during our build process.One option ship a 'fix' quicker is to install the systemd from the package manager, then iterate on compiling/shipping a newer versions for the images that require it, like ubi.
Acceptance criteria
jouranlctlbinaryjournalctlbinaryRelated issues