29 lines
1.2 KiB
Text
29 lines
1.2 KiB
Text
[[filebeat-overview]]
|
|
== Filebeat overview
|
|
|
|
++++
|
|
<titleabbrev>Overview</titleabbrev>
|
|
++++
|
|
|
|
{beatname_uc} is a lightweight shipper for forwarding and centralizing log data.
|
|
Installed as an agent on your servers, {beatname_uc} monitors the log
|
|
files or locations that you specify, collects log events, and forwards them
|
|
to either to https://www.elastic.co/products/elasticsearch[Elasticsearch] or
|
|
https://www.elastic.co/products/logstash[Logstash] for indexing.
|
|
|
|
Here's how {beatname_uc} works: When you start {beatname_uc}, it starts one or
|
|
more inputs that look in the locations you've specified for log data. For
|
|
each log that {beatname_uc} locates, {beatname_uc} starts a harvester. Each
|
|
harvester reads a single log for new content and sends the new log data to
|
|
libbeat, which aggregates the events and sends the aggregated data to the output
|
|
that you've configured for {beatname_uc}.
|
|
|
|
image:./images/filebeat.png[Beats design]
|
|
|
|
For more information about inputs and harvesters, see
|
|
<<how-filebeat-works>>.
|
|
|
|
{beatname_uc} is a https://www.elastic.co/products/beats[Beat], and it is based on
|
|
the libbeat framework. General information about libbeat and setting up
|
|
Elasticsearch, Logstash, and Kibana are covered in the
|
|
{libbeat}/index.html[Beats Platform Reference].
|