Journalbeat overviewedit

Journalbeat is a lightweight shipper for forwarding and centralizing log data from systemd journals. Installed as an agent on your servers, Journalbeat monitors the journal locations that you specify, collects log events, and forwards them to either to Elasticsearch or Logstash.

Journalbeat is an Elastic Beat. It’s based on the libbeat framework. For more information, see the Beats Platform Reference.


Journalbeat requires systemd v233 or later. Versions prior to systemd v233 have a defect that prevents Journalbeat from reading rotated journals.