diff --git a/roles/filebeat/templates/filebeat.yml b/roles/filebeat/templates/filebeat.yml
new file mode 100644
index 0000000..3d1a072
--- /dev/null
+++ b/roles/filebeat/templates/filebeat.yml
@@ -0,0 +1,44 @@
+filebeat.inputs:
+
+- type: filestream
+  id: kube1-var-log
+  enabled: true
+  paths:
+    - /var/log/*.log
+
+- type: log
+  paths:
+    - "/var/lib/docker/containers/*/*.log"
+  json.keys_under_root: true
+  json.add_error_key: true
+  json.overwrite_keys: true
+  fields:
+    container_logs: true
+  processors:
+    - dissect:
+        tokenizer: '{"test": %{json_data}}'
+        field: message
+        target_prefix: ""
+        ignore_failure: true
+
+filebeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
+
+setup.template.settings:
+  index.number_of_shards: 1
+
+setup.kibana:
+output.logstash:
+  hosts: ["192.168.122.1:5044"]
+
+processors:
+  - add_host_metadata:
+      when.not.contains.tags: forwarded
+  - add_cloud_metadata: ~
+  - add_docker_metadata: ~
+  - add_kubernetes_metadata: ~
+  - drop_fields:
+      fields: ["host.ip", "host.mac"]
+  - add_docker_metadata:
+      host: "unix:///var/run/docker.sock"