:has_module_steps: :modulename: system nginx mysql [[filebeat-modules-quickstart]] === Quick start: modules for common log formats {beatname_uc} provides a set of pre-built modules that you can use to rapidly implement and deploy a log monitoring solution, complete with sample dashboards and data visualizations (when available), in about 5 minutes. These modules support common log formats, such as Nginx, Apache2, and MySQL, and can be run by issuing a simple command. This topic shows you how to run the basic modules with minimal extra configuration. For detailed documentation and the full list of available modules, see <>. If you are using a log file type that isn't supported by one of the available {beatname_uc} modules, you'll need to set up and configure {beatname_uc} manually by following the numbered steps under <>. ==== Prerequisites Before running {beatname_uc} modules: * Install and configure the Elastic stack. See {stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}]. * Complete the {beatname_uc} installation instructions described in <>. After installing {beatname_uc}, return to this quick start page. * Install the Ingest Node GeoIP and User Agent plugins. These plugins are required to capture the geographical location and browser information used by some of the visualizations available in the sample dashboards. You can install these plugins by running the following commands in the {es} home path: + [source,shell] ---------------------------------------------------------------------- sudo bin/elasticsearch-plugin install ingest-geoip sudo bin/elasticsearch-plugin install ingest-user-agent ---------------------------------------------------------------------- + You need to restart {es} after running these commands. + If you are using an https://cloud.elastic.co/[Elastic Cloud] instance, you can enable the two plugins from the configuration page. * Verify that {es} and {kib} are running and that {es} is ready to receive data from {beatname_uc}. [[running-modules-quickstart]] ==== Running {beatname_uc} modules To set up and run {beatname_uc} modules: . In the +{beatname_lc}.yml+ config file, set the location of the {es} installation. By default, {beatname_uc} assumes {es} is running locally on port 9200. + include::../../libbeat/docs/step-configure-output.asciidoc[] include::../../libbeat/docs/step-configure-credentials.asciidoc[] . Enable the modules you want to run. For example, the following command enables the system, nginx, and mysql modules: + include::./include/enable-modules-command.asciidoc[] + This command enables the module configs defined in the `modules.d` directory. See <> for other ways to enable modules. + To see a list of enabled and disabled modules, run: + include::./include/list-modules-command.asciidoc[] . Set up the initial environment: + include::./include/setup-command.asciidoc[] . Run {beatname_uc}. + If your logs aren't in the default location, <> before running {beatname_uc}. + include::./include/run-command.asciidoc[] include::./include/visualize-data.asciidoc[] [[example-dashboard]] ==== Example dashboard Here's an example of the syslog dashboard: image:./images/kibana-system.png[Syslog dashboard] [[setting-variables]] ==== Set the paths variable The examples here assume that the logs you're harvesting are in the location expected for your OS and that the default behavior of {beatname_uc} is appropriate for your environment. include::./include/set-paths.asciidoc[] See <> for more information about setting variables and advanced options. :has_module_steps!: :modulename!: