Start Filebeat by issuing the appropriate command for your platform. If you are accessing a secured Elasticsearch cluster, make sure you’ve configured credentials as described in Step 2: Configure Filebeat.
If you use an init.d script to start Filebeat on deb or rpm, you can’t specify command line flags (see Command reference). To specify flags, start Filebeat in the foreground.
deb and rpm:
sudo service filebeat start
mac and linux:
You’ll be running Filebeat as root, so you need to change ownership
of the configuration file, or run Filebeat with
To have launchd start
elastic/tap/filebeat and then restart it at login,
brew services start elastic/tap/filebeat-full
To run Filebeat in the foreground instead of running it as a background service, run:
PS C:\Program Files\Filebeat> Start-Service filebeat
By default, Windows log files are stored in
Filebeat is now ready to send log files to your defined output.