feat(ext/filebeat): ingest ES logs via elasticsearch module

Ensures that Elasticsearch log entries are processed through dedicated
ingestion pipelines, so that their fields can be automatically
extracted.

extensions/filebeat/config/filebeat.yml

@@ -19,6 +19,17 @@ filebeat.autodiscover:
         type: container
         paths:
           - /var/lib/docker/containers/${data.container.id}/*-json.log
+      templates:
+        - condition:
+            contains:
+              docker.container.image: elasticsearch
+          config:
+            - module: elasticsearch
+              server:
+                input:
+                  type: container
+                  paths:
+                    - /var/lib/docker/containers/${data.container.id}/*-json.log
 
 processors:
   - add_cloud_metadata: ~

setup/roles/filebeat_writer.json

@@ -2,6 +2,7 @@
   "cluster": [
     "manage_ilm",
     "manage_index_templates",
+    "manage_ingest_pipelines",
     "monitor",
     "read_pipeline"
   ],