Run Filebeat on Cloud Foundryedit

You can use Filebeat on Cloud Foundry to retrieve and ship logs.

Cloud Foundry credentialsedit

Filebeat needs credentials created with UAA so it can connect to loggregator to receive the logs. The uaac command will create the required credentials for connecting to loggregator.

uaac client add filebeat --name filebeat --secret changeme --authorized_grant_types client_credentials,refresh_token --authorities doppler.firehose,cloud_controller.admin_read_only

Use a unique secret: The uaac command shown here is an example. Remember to replace changeme with your secret, and update the filebeat.yml file to use your chosen secret.

Cloud Foundry deploy manifestsedit

You deploy Filebeat as an application with no route.

Cloud Foundry requires that 3 files exist inside of a directory to allow Filebeat to be pushed. The commands below provide the basic steps for getting it up and running.

curl -L -O
tar xzvf filebeat-7.10.0-linux-x86_64.tar.gz
cd filebeat-7.10.0-linux-x86_64
curl -L -O
# Update api_address, client_id, client_secret in downloaded filebeat.
curl -L -O


To deploy Filebeat to Cloud Foundry, run:

cf push

To check the status, run:

$ cf apps

name       requested state   instances   memory   disk   urls
filebeat   started           1/1         512M     1G

Log events should start flowing to Elasticsearch. The events are annotated with metadata added by the add_cloudfoundry_metadata processor.