youtubebeat/vendor/github.com/elastic/beats/filebeat/docs/modules-getting-started.asciidoc

:has_module_steps:
:modulename: system nginx mysql

[[filebeat-modules-quickstart]]
=== Quick start: modules for common log formats

{beatname_uc} provides a set of pre-built modules that you can use to rapidly
implement and deploy a log monitoring solution, complete with sample dashboards
and data visualizations (when available), in about 5 minutes. These modules
support common log formats, such as Nginx, Apache2, and MySQL, and can be run by
issuing a simple command.

This topic shows you how to run the basic modules with minimal extra
configuration. For detailed documentation and the full list of available
modules, see <<filebeat-modules>>.

If you are using a log file type that isn't supported by one of the available
{beatname_uc} modules, you'll need to set up and configure {beatname_uc} manually by
following the numbered steps under <<filebeat-getting-started>>.

==== Prerequisites

Before running {beatname_uc} modules:

* Install and configure the Elastic stack. See
{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}].

* Complete the {beatname_uc} installation instructions described in
<<filebeat-installation>>. After installing {beatname_uc}, return to this
quick start page.

* Install the Ingest Node GeoIP and User Agent plugins. These plugins are
required to capture the geographical location and browser information used by
some of the visualizations available in the sample dashboards. You can install
these plugins by running the following commands in the {es} home path:
+
[source,shell]
----------------------------------------------------------------------
sudo bin/elasticsearch-plugin install ingest-geoip
sudo bin/elasticsearch-plugin install ingest-user-agent
----------------------------------------------------------------------
+
You need to restart {es} after running these commands.
+
If you are using an https://cloud.elastic.co/[Elastic Cloud] instance, you can
enable the two plugins from the configuration page.

* Verify that {es} and {kib} are running and that {es} is
ready to receive data from {beatname_uc}.

[[running-modules-quickstart]]
==== Running {beatname_uc} modules

To set up and run {beatname_uc} modules:

. In the +{beatname_lc}.yml+ config file, set the location of the {es}
installation. By default, {beatname_uc} assumes {es} is running locally on port
9200.
+
include::../../libbeat/docs/step-configure-output.asciidoc[]

include::../../libbeat/docs/step-configure-credentials.asciidoc[]

. Enable the modules you want to run. For example, the following command enables
the system, nginx, and mysql modules:
+
include::./include/enable-modules-command.asciidoc[]
+
This command enables the module configs defined in the `modules.d` directory. See
<<configuration-{beatname_lc}-modules>> for other ways to enable modules.
+
To see a list of enabled and disabled modules, run:
+
include::./include/list-modules-command.asciidoc[]

. Set up the initial environment:
+
include::./include/setup-command.asciidoc[]

. Run {beatname_uc}.
+
If your logs aren't in the default location, 
<<setting-variables,set the paths variable>> before running {beatname_uc}.
+
include::./include/run-command.asciidoc[]

include::./include/visualize-data.asciidoc[]

[[example-dashboard]]
==== Example dashboard

Here's an example of the syslog dashboard:

image:./images/kibana-system.png[Syslog dashboard]


[[setting-variables]]
==== Set the paths variable

The examples here assume that the logs you're harvesting are in the location
expected for your OS and that the default behavior of {beatname_uc} is appropriate
for your environment. 

include::./include/set-paths.asciidoc[]

See <<configuration-filebeat-modules>> for more information about setting
variables and advanced options.


:has_module_steps!:
:modulename!: