19 January 2016

Brewing in Beats: More community Beats

By Tudor Golubenco

Welcome to Weekly Beats! With this series, we're keeping you up to date with all that's new in Beats, from the details of work-in-progress pull requests to releases and learning resources.

Unifiedbeat - Beat for IDS/IPS event logs

Unifiedbeat reads records from Unified2 binary files generated by network intrusion detection software like Snort or Suricata, and indexes the records in Elasticsearch. Its author wrote a blog post in which he explains why Elasticsearch is a great option for storing these logs. We agree and think this is a great use of the Beats framework.

Factbeat - Beat for Puppet Facter info

Factbeat is a new community Beat, created by Toby McLaughlin from Elastic. It runs Facter periodically and sends the results to Elasticsearch. Having all the facts about your servers available in Elasticsearch makes it easy to query and visualize your infrastructure in new and interesting ways.

Expand env variables in configuration files

A commonly requested feature was to be able to use environment variables for configuring the Beats. Andrew came up with an elegant solution that allows you to use environment variables in the configuration files, while allowing for default values. This works automatically for all Beats.

Winlogbeat new field names

In time for the first release of Winlogbeat, we’ve renamed the fields exported by Winlogbeat to be more uniform with the ones exported by the other Beats.

Filebeat refactoring

We’ve made more cleanups to the Filebeat code, making it possible to shut down Filebeat cleanly in all the corner cases.

PowerShell script for loading the dashboards

Thanks to a community contributor, our next release will include a PowerShell script that makes it easy to load our sample dashboards on Windows.

Testing environment

We now have a dockerized test environment for the manual QA phase. This makes it very easy to test against specific versions of Elasticsearch, Logstash, and Kibana.