This functionality is in beta and is subject to change. The design and code is considered to be less mature than official GA features. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features.
Filebeat modules simplify the collection, parsing, and visualization of common log formats.
A typical module (say, for the Nginx logs) is composed of one or
more filesets (in the case of Nginx,
error). A fileset contains
- Filebeat prospector configurations, which contain the default paths where to look or the log files. These default paths depend on the operating system. The Filebeat configuration is also responsible with stitching together multiline events when needed.
- Elasticsearch Ingest Node pipeline definition, which is used to parse the log lines.
- Fields definitions, which are used to configure Elasticsearch with the correct types for each field. They also contain short descriptions for each of the fields.
- Sample Kibana dashboards, which can be used to visualize the log files.
Filebeat automatically adjusts these configurations based on your environment and loads them to the respective Elastic stack components.
At the moment, Filebeat modules require using the Elasticsearch Ingest Node. In the future, Filebeat Modules will be able to also configure Logstash as a more powerful alternative to Ingest Node.
Filebeat modules require Elasticsearch 5.2 or later.