Introduction

The Elastic Stack today is comprised of four components, Elasticsearch, Logstash, Kibana, and Beats. The last one is a family of log shippers for different use cases and Filebeat is the most popular. Filebeat is the most efficient way to get logs from files of your system to Logstail.com. This article is a general reference and settings for Filebeat. For specific instructions about a log source (such as Apache, Nginx, MySQL), you can see the Log shippers page in your Logstail.com account.

General Information

In order to set up Filebeat you need three things:

1) The public certificate of Logstail.com in your system in order to send your data encrypted

2)  Configure the YAML  file of Filebeat

3) Start or restart the Filebeat service

4) Check Logstail.com for your logs

Configuration

Filebeat is relatively easy to configure using a YAML configuration file. On Linux, this file is located at/etc/filebeat/filebeat.yml. Be aware that YAML is syntax sensitive and you cannot use tabs for spacing. Filebeat contains many configuration options, but in most cases, you will only need the very basics. For your convenience, you can refer to the example filebeat.reference.yml configuration file which is located in the same location as the filebeat.yml file, that contains all the different available options. Initially, you need Filebeat 7 or 6 (link from elastic.co)

A) Configure Filebeat on macOS or Linux

1) Download the Logstail.com certificate

For encrypted shipping through HTTPS, download the Logstail.com public certificate and place it to the logstail folder created by the -P parameter.

2) Set up the configuration file

To set up the configuration file use the Filebeat configuration wizard by navigating to the Log shippers page in your Logstail.com account. You must be logged in with your account.

First of all backup your filebeat.yml and create a new one with the following command

and paste the snippet of the service you want to monitor (Log shippers page).

3) Start Filebeat

Start or restart Filebeat for the changes to take effect.

4) Check Logstail.com for your logs

Wait a bit for the logs to get from your system to Logstail.com, and then open your Kibana page.

 

B) Configure Filebeat on Windows

1) Download the Logstail.com certificate

For encrypted shipping through HTTPS, download the Logstail.com public certificate from the following URL.

The recommended location to save the certificate is shown below. Create this folder

2) Set up the configuration file

To set up the configuration file use the Filebeat configuration wizard by navigating to the Log shippers page in your Logstail.com account. You must be logged in with your account.

First of all backup your filebeat.yml and create a new one to this location:

and paste the snippet of the service you want to monitor (Log shippers page).

3) Start Filebeat (eg. with Powershell)

Start or restart Filebeat for the changes to take effect.

4) Check Logstail.com for your logs

Wait a bit for the logs to get from your system to Logstail.com, and then open your Kibana page. Now you are ready to explore your data!

 

 

Start Free

Conclusion

Filebeat is an efficient, reliable and relatively easy-to-use log shipper. Following the general guidelines of this article, you can take the best out of this software to enhance the productivity of your ELK Stack.

0 0 vote
Article Rating