You need to log in to create posts and topics.

Installing Filebeat for Windows

Filebeat is a lightweight shipper for log data. It runs on the machine(s) you wish to monitor and automatically crawls log files and sends log data to the Vizion Elastic App.

 

1. Download the Filebeat 6.5.4 64 bit for Windows.

           https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-windows-x86_64.zip

 

2. Extract the contents of the zip file into C:\Program Files.

 

3. Rename the filebeat-6.5.4-windows directory in C:\Program Files to filebeat.

 

4. Open a PowerShell prompt as administrator and cd into C:\Program Files.

Tip: Right-click on the PowerShell icon and select "Run as Administrator".

 

5. Set the execution policy to be able to run the execution script. Cd into the filebeat folder and run the following script:

          PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1

The script is case sensitive

 

6. Configure the filebeat.yml  file with the correct Vizion.ai credentials.

Tip: The easiest way to do this is to open the file up in a code editor such as Visual Studio Code.

Filebeat Inputs Section:

#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
#/var/log/*.log
- c:\<path to where the logs are stored\*>

 

Kibana Section:

#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://%5B2001:db8::1]:5601
#host: "localhost:5601"
username: "<username>"
password: "<password>"

 

Elasticsearch Output Section:

#================================ Outputs =====================================
# Configure what output to use when sending the data collected by the beat.
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["<Vizion.ai API Endpoint>"]
# Optional protocol and basic auth credentials.
protocol: "https"
username: "<username>"
password: "<password>"

 

7. Test the filebeat.yml configuration. Back in the PowerShell, run the following script in the Filebeat folder:

          .\filebeat.exe -e -configtest

Tip: The Filebeat configuration will display in the terminal without any ERROR messages if everything is entered correctly.

 

8.  Run the program in the foreground to make sure everything is setup:

            .\filebeat.exe -c filebeat.yml -e -d "*"

This will run Filebeat in the terminal and will continually display any logs being added in real-time. Use CTRL-C to terminate the foreground process.

 

9. Once the config has been tested and runs without any ERROR messages, install Filebeat as a service:

            .\install-service-filebeat.ps1

 

10. Test that Filebeat has been installed as a service:

             service filebeat

Tip: If installed correctly, the terminal will display the Status, Name, and DisplayName.

 

11. Start the Filebeat service as a background process: 

              start-service filebeat

Logs should already start appearing in the Vizion.ai Discover tab within seconds.

 

12.  In the Discover tab of the Vizion.ai Kibana dashboard, create an index to display the logs.

Inputting filebeat-* should match the incoming filebeat logs from Windows. Click "next" to continue setting up the index with the desired configuration. Upon completion, the filebeat logs from Windows should start displaying in real-time as they are created.

Tip: the Refresh Interval may need to be modified to a shorter time span to see incoming the logs appear.