5. Installing FileBeat – Alexandre-Guth/Elastic-Stack-FileBeat-Logspout Wiki
FileBeat should be configured to run against an Elasticsearch node of the same version.
Binary install
Download and install the Public Signing Key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Install the apt-transport-https package on Debian before proceeding
sudo apt-get install apt-transport-https
Save the repository definition to /etc/apt/sources.list.d/elastic-6.x.list
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Update the repository
sudo apt-get update
List the available versions of FileBeat
sudo apt-cache policy filebeat
Install the needed version
sudo apt-get install filebeat=6.0.1
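To confirm after the install that the pinned FileBeat version matches the Elasticsearch node it will ship to, the two version strings can be compared. This is an added example, not part of the original wiki; the function names and the sample outputs are constructed for illustration, and the commented call assumes the node answers on localhost:9200.

```shell
#!/bin/sh
# Added example: compare the FileBeat version with the Elasticsearch node version.

# Extract the version from the output of `filebeat version`.
filebeat_version_from() {
    printf '%s\n' "$1" |
        sed -n 's/^filebeat version \([0-9][0-9A-Za-z.-]*\).*/\1/p' | head -n 1
}

# Extract version.number from the JSON the node returns on GET /.
es_version_from() {
    printf '%s\n' "$1" | tr -d '\n' |
        sed -n 's/.*"version"[[:space:]]*:[[:space:]]*{[^}]*"number"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 only when both versions parse and are identical.
versions_match() {
    fb=$(filebeat_version_from "$1")
    es=$(es_version_from "$2")
    if [ -z "$fb" ] || [ -z "$es" ]; then
        echo "could not parse a version (filebeat='$fb' elasticsearch='$es')" >&2
        return 1
    fi
    if [ "$fb" != "$es" ]; then
        echo "version mismatch: filebeat $fb, elasticsearch $es" >&2
        return 1
    fi
    echo "ok: filebeat and elasticsearch are both $fb"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_FB='filebeat version 6.0.1 (amd64), libbeat 6.0.1'
SAMPLE_ES='{
  "name" : "node-1",
  "version" : {
    "number" : "6.0.1",
    "lucene_version" : "7.0.1"
  },
  "tagline" : "You Know, for Search"
}'
SAMPLE_ES_OLD='{"name":"node-1","version":{"number":"5.6.4"}}'

versions_match "$SAMPLE_FB" "$SAMPLE_ES"
versions_match "$SAMPLE_FB" "$SAMPLE_ES_OLD" || true

# On a real host:
# versions_match "$(filebeat version)" "$(curl -s http://localhost:9200/)"
```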
Set up the Kibana dashboards
The dashboards are located in /usr/share/filebeat/kibana/default/dashboard
sudo filebeat setup -e
or
sudo filebeat setup --dashboards
or
filebeat setup -E "setup.dashboards.directory=/usr/share/filebeat/kibana"
If the Logstash output is already enabled and the Elasticsearch output is disabled in /etc/filebeat/filebeat.yml, override the outputs on the command line:
filebeat setup --dashboards -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'
This last step is optional: for the moment there is no way to properly import dashboard templates into Kibana, because the field names of the indices have to match exactly those used by the Kibana visualizations.
Container install
The Elastic documentation is self-explanatory:
www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html
Configuration files
Configuration file path
Rpm and deb
/etc/filebeat/filebeat.yml
Docker
/usr/share/filebeat/filebeat.yml
You can find useful configuration file templates in the FileBeat directory of this GitHub repository:
github.com/Alexandre-Guth/Elastic-Stack-FileBeat-Logspout/tree/master/FileBeat