Before running Filebeat, you need to install and configure the Elastic stack. See Getting Started with Beats and the Elastic Stack.
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.3.0-amd64.deb sudo dpkg -i filebeat-5.3.0-amd64.deb
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.3.0-x86_64.rpm sudo rpm -vi filebeat-5.3.0-x86_64.rpm
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.3.0-darwin-x86_64.tar.gz tar xzvf filebeat-5.3.0-darwin-x86_64.tar.gz
- Download the Filebeat Windows zip file from the downloads page.
Extract the contents of the zip file into
- Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
Run the following commands to install Filebeat as a Windows service:
PS > cd 'C:\Program Files\Filebeat' PS C:\Program Files\Filebeat> .\install-service-filebeat.ps1
If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1.
If you’re using modules to get started with Filebeat, go back to the Quick Start for Common Log Formats page.
Otherwise, continue on to Step 2: Configuring Filebeat.
Before starting Filebeat, you should look at the configuration options in the configuration
file, for example
C:\Program Files\Filebeat\filebeat.yml or
/etc/filebeat/filebeat.yml. For more information about these options,
see Configuration Options (Reference).