episyche logo represented by a symbol of a brain

Episyche

nav bar menu for mobile contains the nav bar content

Search/Elasticsearch/

How to setup FileBeat and MetricBeat on Ubuntu?

Published on

How to setup FileBeat and MetricBeat on Ubuntu?
Each beat is dedicated to shipping different types of information. Metricbeat ships host metrics, and so forth. Filebeat is designed to ship log files. You can configure the Filebeat and Metricbeat using the detailed steps explained here.

Introduction:

Filebeat :

Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing.

Metricbeat :

Metricbeat is a lightweight shipper that you can install on your servers to periodically collect metrics from the operating system and from services running on the server. Metricbeat takes the metrics and statistics that it collects and ships them to the output that you specify, such as Elasticsearch or Logstash.

Flow diagram:


flow diagram

Prerequisites :

  • Ubuntu Server

Steps :

Step 1: Install Elasticsearch and Kibana

To install Elasticsearch and kibana follow the steps on the below reference page.

Ref – How to configure Elasticsearch and Kibana setup

Step 2: Install and configure Metricbeat

  • To Install Metricbeat, please run the following command.

1apt install metricbeat

  • Start and enable Metricbeat auto start after a server reboot, using the following commands.

1systemctl start metricbeat.service 2systemctl enable metricbeat.service

  • Navigate to the Metricbeat configuration directory.

cd /etc/metricbeat

  • Update the metricbeat.yml with the following configurations in output. elasticsearch section.

hosts : [“<your_server_ip>:9200”]

protocol: “https”

username: "elastic"

password : <superuser_password>

ssl.certificate_authority : [“ your_certificate_path” ]

A sample Metricbeat configuration can be found in the following git repository file.

  • To Setup the default metricbeat dashboard on Kibana, please execute the following command.

1metricbeat setup --dashboard

  • To verify the dashboard created from the above step, Please login into Kibana.

    • Navigate to the dashboard section

      • Kibana > Stack Management > Index Management > Data Streams



metricbeat

    • Search for Metricbeat Dashboards, if the Metricbeat dashboard is loaded successfully, the following dashboards will appear on the screen.

      • Kibana > Dashboards



dashboard

Step 3: Install and configure Filebeat

  • To Install Filebeat, please run the following command.

1apt install Filebeat

  • Start and enable Filebeat auto start after a server reboot, using the following commands.

1systemctl start filebeat.service 2systemctl enable filebeat.service

  • Navigate to the Filebeat configuration directory.

cd /etc/filebeat

  • Update the filebeat.yml with the following configurations.

    • In the Filebeat inputs section

      • type: filestream

      • enabled: false

    • In the Elasticsearch Output section

      • hosts : [“<your_server_ip>:9200”]

      • protocol: “https”

      • username: "elastic"

      • password : <superuser_password>

      • ssl.certificate_authority : [“ your_certificate_path” ]

A sample Filebeat configuration can be found in the following git repository file.

  • To verify the dashboard created, Please login into Kibana.

    • Navigate to the dashboard section

      • Kibana > Stack Management > Index Management > Data Streams



filebeat

    • Search for Filebeat Dashboards, if the Filoebeat dashboard is loaded successfully, the following dashboards will appear on the screen.

      • Kibana > Dashboards



dashboard

Comments