
Installing Filebeat for Linux

Filebeat is a lightweight shipper for log data. It runs on the machine(s) you wish to monitor, automatically crawls your log files, and sends the log data to your Vizion Elastic app.


1. Download and Install Filebeat.

sudo curl>; chmod a+x; sudo ./ <<Elasticsearch API Endpoint>>

This will:

  • Install Filebeat 6.5.4
  • Update the filebeat.yml to connect with the proper instance
  • Load the dashboards into Kibana
  • Start Filebeat

To confirm that Filebeat has been downloaded and is running, enter the following command:

service filebeat status

Tip: If you are using the Pnap version of you may need to make additional configurations in the filebeat.yml to set up the Kibana dashboard, which are outlined in Step 2.


2. Edit the configuration (For users only)

Open the filebeat.yml.

sudo vi /etc/filebeat/filebeat.yml

Change the to in the Kibana section.


#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify an additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
username: "<username>"
password: "<password>"
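
The Kibana section above stores a username and password in filebeat.yml. The shell check below is an added example, not part of the original guide or of Filebeat itself: it flags a config file that group or other can access, and password keys that hold a literal value instead of a ${NAME} reference (which Filebeat resolves from environment variables or its secrets keystore). The function names, the sample values and the 600 mode target are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit filebeat.yml for exposed
# credentials. Prints one line per finding; exit status = number of findings.
audit_filebeat_config() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 255; }

    # 1. The file holds credentials, so group and other should have no access.
    mode=$(stat -c '%a' "$cfg")   # GNU stat, as found on Linux
    case $mode in
        *00) ;;
        *) echo "MODE: $cfg is $mode, expected 600"; findings=$((findings + 1)) ;;
    esac

    # 2. Active (uncommented) password keys should hold a ${NAME} reference,
    #    which Filebeat resolves from its keystore or the environment.
    literal=$(grep -nE '^[[:space:]]*password:' "$cfg" |
        grep -vE 'password:[[:space:]]*"?\$\{[A-Za-z0-9_.]+\}"?[[:space:]]*$' |
        cut -d: -f1 || true)
    for n in $literal; do
        # Report the line number only, never the secret itself.
        echo "LITERAL: $cfg line $n has a clear-text password"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample configs (hypothetical values) for trying the check.
write_samples() {
    dir=$1
    printf '%s\n' '# Kibana' 'username: "shipper"' 'password: "hunter2"' \
        > "$dir/weak.yml"
    chmod 644 "$dir/weak.yml"
    printf '%s\n' '# Kibana' 'username: "shipper"' 'password: "${KIBANA_PWD}"' \
        '#password: "old-value"' > "$dir/hardened.yml"
    chmod 600 "$dir/hardened.yml"
}

# Run against a real file when a path is given:
#   sudo sh audit.sh /etc/filebeat/filebeat.yml
if [ $# -gt 0 ]; then audit_filebeat_config "$1"; fi
```
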


3. Enable Modules

Filebeat comes with a number of modules that provide additional functionality. These modules must be enabled in order to be tracked. To see a list of available modules, run the following command:

sudo filebeat modules list

To enable a module:

sudo filebeat modules enable <module name>


4. Configure modules.

To configure a specific module, run the following command:

sudo vi /etc/filebeat/modules.d/<module name>.yml


5. Restart Filebeat.

Once the desired configurations have been set, run the following command to restart Filebeat:

service filebeat restart


6. Track Filebeat in the console. 

Filebeat should now be shipping logs from the machine to the Vizion Elastic instance. The logs can be found at /var/log/filebeat/filebeat. To test in the console that Filebeat is being tracked, run the following command:

sudo tail -f /var/log/filebeat/filebeat


7. Create an index to display the logs in the Kibana Dashboard.

In the Kibana Dashboard, click on the "Discover" tab. Inputting filebeat-* should automatically create a match with the incoming logs from Elasticsearch. Click "next" to continue setting up and creating the index. Once configured, click on the "Discover" tab which should start displaying the logs in real-time as they come in.

Tip: The Refresh Interval may need to be modified to a shorter time span to see the logs appear initially.