From b0654ee8e5e83d171fc536d070586838b7576f53 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Thu, 5 Jul 2018 16:49:36 +0100
Subject: [PATCH] Collect journals from containers as well as the host

When journal_paths is empty the function sdJournal.NewJournal()
is used to open the journal for the host system only.

A single entry in journal_paths is opened with
sdJournal.NewJournalFrom[Dir|Files](), and multiple entries are opened
only with sdJournnalFromFiles().

Adding a single entry of /var/log/journal in the config file causes
all journal files under that directory to be opened, rather than only
that of the host system.

Change-Id: Ib758407edebff6786bf64fcf95328fb89912e3f6
---
 elk_metrics_6x/templates/journalbeat.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/elk_metrics_6x/templates/journalbeat.yml.j2 b/elk_metrics_6x/templates/journalbeat.yml.j2
index e84ecda8..808d7cb9 100644
--- a/elk_metrics_6x/templates/journalbeat.yml.j2
+++ b/elk_metrics_6x/templates/journalbeat.yml.j2
@@ -68,7 +68,7 @@ journalbeat:
   # If you want to open Journal from directory just pass an array consisting of one element
   # representing the path. See: https://www.freedesktop.org/software/systemd/man/sd_journal_open.html
   # By default this setting is empty thus journalbeat will attempt to find all journal files automatically
-  #journal_paths: ["/var/log/journal"]
+  journal_paths: ["/var/log/journal"]
 
   #default_type: journal