← 返回命令列表

Linux command

filebeat 命令

文件

复制后可按需替换文件名、目录或参数。

常用示例

Start filebeat

filebeat

Start with a specific configuration

filebeat -c [path/to/filebeat.yml]

Test configuration

filebeat test config

Test output connectivity

filebeat test output

Enable a module

filebeat modules enable [nginx]

List available modules

filebeat modules list

Set up dashboards and index templates

filebeat setup

Run once and exit

filebeat --once

说明

Filebeat is a lightweight log shipper from the Elastic Stack (ELK). It monitors log files, collects log events, and forwards them to Elasticsearch, Logstash, or other outputs for indexing and analysis. Filebeat uses harvesters to read log files line by line and sends the data to configured outputs. It maintains state information to track read positions, ensuring reliable delivery even after restarts. Modules provide pre-built configurations for common applications like nginx, Apache, MySQL, and system logs. Configuration is defined in filebeat.yml, specifying inputs (log paths), outputs (Elasticsearch/Logstash endpoints), and processing options.

参数

-c _FILE_
Specify configuration file (default: filebeat.yml).
-e
Log to stderr instead of syslog/file.
--modules _MODULES_
Comma-separated list of modules to run.
--once
Run harvesters once and exit when done.
--path.config _PATH_
Path to configuration files.
--path.data _PATH_
Path to data directory.
--path.logs _PATH_
Path to log files.
--strict.perms
Enforce strict permission checking on config files (default: true).
-v
Enable verbose logging.
-d _SELECTOR_
Enable debug output for specific components.

FAQ

What is the filebeat command used for?

Filebeat is a lightweight log shipper from the Elastic Stack (ELK). It monitors log files, collects log events, and forwards them to Elasticsearch, Logstash, or other outputs for indexing and analysis. Filebeat uses harvesters to read log files line by line and sends the data to configured outputs. It maintains state information to track read positions, ensuring reliable delivery even after restarts. Modules provide pre-built configurations for common applications like nginx, Apache, MySQL, and system logs. Configuration is defined in filebeat.yml, specifying inputs (log paths), outputs (Elasticsearch/Logstash endpoints), and processing options.

How do I run a basic filebeat example?

Run `filebeat` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -c _FILE_ do in filebeat?

Specify configuration file (default: filebeat.yml).