- Filebeat Reference: other versions:
- Overview
- Getting Started With Filebeat
- Step 1: Install Filebeat
- Step 2: Configure Filebeat
- Step 3: Configure Filebeat to use Logstash
- Step 4: Load the index template in Elasticsearch
- Step 5: Set up the Kibana dashboards
- Step 6: Start Filebeat
- Step 7: View the sample Kibana dashboards
- Quick start: modules for common log formats
- Repositories for APT and YUM
- Setting up and running Filebeat
- Upgrading Filebeat
- How Filebeat works
- Configuring Filebeat
- Specify which modules to run
- Configure inputs
- Manage multiline messages
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Load balance the output hosts
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- filebeat.reference.yml
- Beats central management
- Modules
- Exported fields
- Apache2 fields
- Auditd fields
- Beat fields
- Cloud provider metadata fields
- Docker fields
- elasticsearch fields
- haproxy fields
- Host fields
- Icinga fields
- IIS fields
- Kafka fields
- kibana fields
- Kubernetes fields
- Log file content fields
- logstash fields
- mongodb fields
- MySQL fields
- Nginx fields
- Osquery fields
- PostgreSQL fields
- Redis fields
- System fields
- Traefik fields
- Monitoring Filebeat
- Securing Filebeat
- Troubleshooting
- Migrating from Logstash Forwarder to Filebeat
- Contributing to Beats
Repositories for APT and YUM
editRepositories for APT and YUM
editWe have repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.
We use the PGP key D88E42B4, Elasticsearch Signing Key, with fingerprint
4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4
to sign all our packages. It is available from https://pgp.mit.edu.
APT
editTo add the Beats repository for APT:
-
Download and install the Public Signing Key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
-
You may need to install the
apt-transport-httpspackage on Debian before proceeding:sudo apt-get install apt-transport-https
-
Save the repository definition to
/etc/apt/sources.list.d/elastic-6.x.list:echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
To add the Elastic repository, make sure that you use the
echomethod shown in the example. Do not useadd-apt-repositorybecause it will add adeb-srcentry, but we do not provide a source package.If you have added the
deb-srcentry by mistake, you will see an error like the following:Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
Simply delete the
deb-srcentry from the/etc/apt/sources.listfile, and the installation should work as expected. -
Run
apt-get update, and the repository is ready for use. For example, you can install Filebeat by running:sudo apt-get update && sudo apt-get install filebeat
-
To configure Filebeat to start automatically during boot, run:
sudo update-rc.d filebeat defaults 95 10
YUM
editTo add the Beats repository for YUM:
-
Download and install the public signing key:
sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
-
Create a file with a
.repoextension (for example,elastic.repo) in your/etc/yum.repos.d/directory and add the following lines:[elastic-6.x] name=Elastic repository for 6.x packages baseurl=https://artifacts.elastic.co/packages/6.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md
Your repository is ready to use. For example, you can install Filebeat by running:
sudo yum install filebeat -
To configure the Beat to start automatically during boot, run:
sudo chkconfig --add filebeat