- Filebeat Reference: other versions:
- Overview
- Getting Started With Filebeat
- Step 1: Install Filebeat
- Step 2: Configure Filebeat
- Step 3: Configure Filebeat to use Logstash
- Step 4: Load the index template in Elasticsearch
- Step 5: Set up the Kibana dashboards
- Step 6: Start Filebeat
- Step 7: View the sample Kibana dashboards
- Quick start: modules for common log formats
- Repositories for APT and YUM
- Setting up and running Filebeat
- Upgrading Filebeat
- How Filebeat works
- Configuring Filebeat
- Specify which modules to run
- Configure inputs
- Manage multiline messages
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Load balance the output hosts
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- filebeat.reference.yml
- Modules
- Exported fields
- Apache2 fields
- Auditd fields
- Beat fields
- Cloud provider metadata fields
- Docker fields
- elasticsearch fields
- Host fields
- Icinga fields
- IIS fields
- Kafka fields
- kibana fields
- Kubernetes fields
- Log file content fields
- logstash fields
- mongodb fields
- MySQL fields
- Nginx fields
- Osquery fields
- PostgreSQL fields
- Redis fields
- System fields
- Traefik fields
- Monitoring Filebeat
- Securing Filebeat
- Troubleshooting
- Migrating from Logstash Forwarder to Filebeat
- Contributing to Beats
Other changes
editOther changes
editThe following list of implementation changes should not affect your experience migrating from Logstash Forwarder, but you should be aware of the changes. Please post GitHub issues if you notice any regressions from Logstash Forwarder.
Packaging
editThe packaging process for Filebeat uses the Beats infrastructure, so some aspects of packaging, such as the init scripts, are different from Logstash Forwarder. Please post GitHub issues if you hit any issues with the new packages.
One notable change is the name of the registry file. The name varies depending on the package type:
-
registryfor.tar.gzand.tgzarchives -
/usr/lib/filebeat/registryfor DEB and RPM packages -
c:\ProgramData\filebeat\registryfor the Windows zip file
Publisher improvements
editBehind the scenes, Filebeat uses a slightly improved protocol for communicating with Logstash.
SSL is off by default
editIf you follow the section on migrating the configuration, you will have SSL
enabled. However, you must be aware that if the ssl section is missing from the
configuration file, Filebeat uses an unencrypted connection to talk to Logstash.
Logging
editFilebeat uses libbeat logging and can also log to rotating files instead of syslog.