- Journalbeat Reference for 6.5-7.15:
- Overview
- Getting started with Journalbeat
- Setting up and running Journalbeat
- Configuring Journalbeat
- Configure inputs
- Specify general settings
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Specify SSL settings
- Filter and enhance the exported data
- Define processors
- Add cloud metadata
- Add fields
- Add labels
- Add the local time zone
- Add tags
- Decode CSV fields
- Decode JSON fields
- Decode Base64 fields
- Decompress gzip fields
- Community ID Network Flow Hash
- Convert
- Drop events
- Drop fields from events
- Extract array
- Keep fields from events
- Registered Domain
- Rename fields from events
- Add Kubernetes metadata
- Add Docker metadata
- Add Host metadata
- Add Observer metadata
- Dissect strings
- DNS Reverse Lookup
- Add process metadata
- Script Processor
- Timestamp
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- journalbeat.reference.yml
- Exported fields
- Monitoring Journalbeat
- Securing Journalbeat
- Troubleshooting
This functionality is experimental and may be changed or removed completely in a
future release. Elastic will take a best effort approach to fix any issues, but
experimental features are not subject to the support SLA of official GA
features.
Getting started with Journalbeat
editGetting started with Journalbeat
editTo get started with your own Journalbeat setup, install and configure these related products:
- Elasticsearch for storing and indexing the data.
- Kibana for the UI.
- Logstash (optional) for parsing and enhancing the data.
See Getting started with the Elastic Stack for more information about installing these products.
You can skip having to install Elasticsearch and Kibana by using our hosted Elasticsearch Service on Elastic Cloud. The Elasticsearch Service is available on AWS, GCP, and Azure. Try out the Elasticsearch Service for free.
After installing the Elastic Stack, read the following topics to learn how to install, configure, and run Journalbeat. Upgrading to a new version of Journalbeat? Start by reading the Beats upgrade documentation.
Was this helpful?
Thank you for your feedback.