Document Journald on docker

packages/iptables/_dev/build/docs/README.md

@@ -9,6 +9,14 @@ traffic (allow/deny).
 The module is by default configured to run with the `udp` input on port `9001`.
 However, it can also be configured to read from a file path or journald.
 
+To read Journald logs from within a container, you need to use the
+[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor)
+Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it
+impossible to read files generated by a newer versions of
+Journald. Ensure the journal files you are reading were generated by
+a version equal to or older than the `journalctl` shipped with the Docker
+image.
+
 ## Logs
 
 ### Iptables log

packages/iptables/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.20.1"
+  changes:
+    - description: Update documentation to mention the requirements for reading Journald logs.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13597
 - version: "1.20.0"
   changes:
     - description: Support stack version 9.0.

packages/iptables/docs/README.md

@@ -9,6 +9,14 @@ traffic (allow/deny).
 The module is by default configured to run with the `udp` input on port `9001`.
 However, it can also be configured to read from a file path or journald.
 
+To read Journald logs from within a container, you need to use the
+[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor)
+Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it
+impossible to read files generated by a newer versions of
+Journald. Ensure the journal files you are reading were generated by
+a version equal to or older than the `journalctl` shipped with the Docker
+image.
+
 ## Logs
 
 ### Iptables log

packages/iptables/manifest.yml

@@ -1,6 +1,6 @@
 name: iptables
 title: Iptables
-version: "1.20.0"
+version: "1.20.1"
 description: Collect logs from Iptables with Elastic Agent.
 type: integration
 icons:

packages/journald/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.3"
+  changes:
+    - description: Update documentation to mention the requirements for reading Journald logs.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13597
 - version: "1.1.2"
   changes:
     - description: Update Kibana requirement to support 9.x.

packages/journald/docs/README.md

@@ -5,6 +5,14 @@ The journald input reads the log data and the metadata associated with it.
 
 The journald input is available on Linux systems with `systemd` installed.
 
+To read Journald logs from within a container, you need to use the
+[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor)
+Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it
+impossible to read files generated by a newer versions of
+Journald. Ensure the journal files you are reading were generated by
+a version equal to or older than the `journalctl` shipped with the Docker
+image.
+
 An example event looks as follows:
 
 ```json

packages/journald/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.0
 name: journald
 title: "Custom Journald logs"
-version: 1.1.2
+version: 1.1.3
 description: Collect logs from journald with Elastic Agent.
 type: input
 categories:

packages/system/_dev/build/docs/README.md

@@ -38,6 +38,14 @@ Each data stream collects different kinds of metric data, which may require dedi
 to be fetched and which may vary across operating systems.
 Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference).
 
+To read Journald logs from within a container, you need to use the
+[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor)
+Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it
+impossible to read files generated by a newer versions of
+Journald. Ensure the journal files you are reading were generated by
+a version equal to or older than the `journalctl` shipped with the Docker
+image.
+
 ## Setup
 
 For step-by-step instructions on how to set up an integration, see the

packages/system/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.68.3"
+  changes:
+    - description: Update documentation to mention the requirements for reading Journald logs.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13597
 - version: "1.68.2"
   changes:
     - description: Handle events without event_data

packages/system/docs/README.md

@@ -38,6 +38,14 @@ Each data stream collects different kinds of metric data, which may require dedi
 to be fetched and which may vary across operating systems.
 Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference).
 
+To read Journald logs from within a container, you need to use the
+[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor)
+Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it
+impossible to read files generated by a newer versions of
+Journald. Ensure the journal files you are reading were generated by
+a version equal to or older than the `journalctl` shipped with the Docker
+image.
+
 ## Setup
 
 For step-by-step instructions on how to set up an integration, see the

packages/system/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.0.2
 name: system
 title: System
-version: "1.68.2"
+version: "1.68.3"
 description: Collect system logs and metrics from your servers with Elastic Agent.
 type: integration
 categories: