Since the release of Elastic-Agent v8.16.0, Filebeat started calling journalctl to read journal logs, which added the dependency on the host's journalctl or for the Docker case, the journalctl in the Docker image. Currently we only ship journalctl in the elastic-agent-complete image.
Because we call journalctl to read the journal, the Elastic-Agent (via Filebeat) can only read journals produced by a journald with a equal or smaller version then the one shipped with our Docker image.
Probably the best way to document it is to explicitly mention the need to run elastic-agent-complete and link to Filebeat's documentation for version details.
This should be added to all integrations that use the journald input.
Some integrations I know use the journald input
- Custom Journald logs
- System
- Iptables Logs
Since the release of Elastic-Agent
v8.16.0, Filebeat started callingjournalctlto read journal logs, which added the dependency on the host'sjournalctlor for the Docker case, thejournalctlin the Docker image. Currently we only shipjournalctlin theelastic-agent-completeimage.Because we call
journalctlto read the journal, the Elastic-Agent (via Filebeat) can only read journals produced by a journald with a equal or smaller version then the one shipped with our Docker image.Probably the best way to document it is to explicitly mention the need to run
elastic-agent-completeand link to Filebeat's documentation for version details.This should be added to all integrations that use the journald input.
Some integrations I know use the journald input