Prerequisites:
- The machine requires Java 1.8 running prior to setting Filebeat.
To download and install Filebeat, enter the designated machine as an Administrator and follow these guidelines
- Run the command: apt-get update to update the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the repositories.
- Install Java JRE 1.8 on the Linux OS. If the machine already runs Java 1.8 you may skip this part. To install Java run the command: apt-get install default-jre
- To verify that the installed Java is 1.8 run the command: java -version. If verified you may proceed to the next step
- Install Filebeat as a service:
- Run the command: curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.1-amd64.deb
- Run the command: dpkg -i filebeat-6.5.1-amd64.deb
- Configure Filebeat. To configure Filebeat to forward data to logstash, modify the file /etc/filebeat/filebeat.yml according to the guidelines described in the article: Configuring Filebeat to send data to Logstash
- Start Fliebeat service. To start the service use the command service filebeat start. The available options are: service filebeat {start|stop|status|restart|force-reload}
Note:- Any change in the filebeat.yml configuration file requires restarting the Filebeat service (defined by default as /etc/init.d/filebeat) .