This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.

« Secrets keystore for secure settings Running Journalbeat on Docker »

› ›

Journalbeat command reference

edit

IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Journalbeat command reference

edit

Journalbeat provides a command-line interface for starting Journalbeat and performing common tasks, like testing configuration files.

The command-line also supports global flags for controlling global behaviors.

Use sudo to run the following commands if:

the config file is owned by root, or
Journalbeat is configured to capture data that requires root access

Commands
`export`	Exports the configuration or index template to stdout.
`help`	Shows help for any command.
`keystore`	Manages the secrets keystore.
`run`	Runs Journalbeat. This command is used by default if you start Journalbeat without specifying a command.
`setup`	Sets up the initial environment, including the ES index template.
`test`	Tests the configuration.
`version`	Shows information about the current version.

Also see Global flags.

`export` command

edit

Exports the configuration or index template to stdout. You can use this command to quickly view your configuration or see the contents of the index template.

SYNOPSIS

journalbeat export SUBCOMMAND [FLAGS]

SUBCOMMANDS

config: Exports the current configuration to stdout. If you use the -c flag, this command exports the configuration that’s defined in the specified file.
template: Exports the index template to stdout. You can specify the --es.version and --index flags to further define what gets exported.

ilm-policy: Exports ILM policy to stdout.

FLAGS

--es.version VERSION: When used with template, exports an index template that is compatible with the specified version.
-h, --help: Shows help for the export command.
--index BASE_NAME: When used with template, sets the base name to use for the index template. If this flag is not specified, the default base name is journalbeat.

Also see Global flags.

EXAMPLES

journalbeat export config
journalbeat export template --es.version 7.0.1 --index myindexname

`help` command

edit

Shows help for any command. If no command is specified, shows help for the run command.

SYNOPSIS

journalbeat help COMMAND_NAME [FLAGS]

COMMAND_NAME: Specifies the name of the command to show help for.

FLAGS

-h, --help: Shows help for the help command.

Also see Global flags.

EXAMPLE

journalbeat help export

`keystore` command

edit

Manages the secrets keystore.

SYNOPSIS

journalbeat keystore SUBCOMMAND [FLAGS]

SUBCOMMANDS

add KEY: Adds the specified key to the keystore. Use the --force flag to overwrite an existing key. Use the --stdin flag to pass the value through stdin.
create: Creates a keystore to hold secrets. Use the --force flag to overwrite the existing keystore.
list: Lists the keys in the keystore.
remove KEY: Removes the specified key from the keystore.

FLAGS

--force: Valid with the add and create subcommands. When used with add, overwrites the specified key. When used with create, overwrites the keystore.
--stdin: When used with add, uses the stdin as the source of the key’s value.
-h, --help: Shows help for the keystore command.

Also see Global flags.

EXAMPLES

journalbeat keystore create
journalbeat keystore add ES_PWD
journalbeat keystore remove ES_PWD
journalbeat keystore list

See Secrets keystore for more examples.

`run` command

edit

Runs Journalbeat. This command is used by default if you start Journalbeat without specifying a command.

SYNOPSIS

journalbeat run [FLAGS]

Or:

journalbeat [FLAGS]

FLAGS

-N, --N: Disables publishing for testing purposes. This option disables all outputs except the File output.
--cpuprofile FILE: Writes CPU profile data to the specified file. This option is useful for troubleshooting Journalbeat.
-h, --help: Shows help for the run command.
--httpprof [HOST]:PORT: Starts an http server for profiling. This option is useful for troubleshooting and profiling Journalbeat.
--memprofile FILE: Writes memory profile data to the specified output file. This option is useful for troubleshooting Journalbeat.

Also see Global flags.

EXAMPLE

journalbeat run -e

Or:

journalbeat -e

`setup` command

edit

Sets up the initial environment, including the ES index template

The index template ensures that fields are mapped correctly in Elasticsearch.

Use this command if you want to set up the environment without actually running Journalbeat and ingesting data.

SYNOPSIS

journalbeat setup [FLAGS]

FLAGS

-h, --help: Shows help for the setup command.
--template: Sets up the index template only.

Also see Global flags.

EXAMPLES

journalbeat setup --machine-learning
journalbeat setup --template

`test` command

edit

Tests the configuration.

SYNOPSIS

journalbeat test SUBCOMMAND [FLAGS]

SUBCOMMANDS

config: Tests the configuration settings.
output: Tests that Journalbeat can connect to the output by using the current settings.

FLAGS

-h, --help: Shows help for the test command.

Also see Global flags.

EXAMPLE

journalbeat test config

`version` command

edit

Shows information about the current version.

SYNOPSIS

journalbeat version [FLAGS]

FLAGS

-h, --help: Shows help for the version command.

Also see Global flags.

EXAMPLE

journalbeat version

Global flags

edit

These global flags are available whenever you run Journalbeat.

-E, --E "SETTING_NAME=VALUE"

Overrides a specific configuration setting. You can specify multiple overrides. For example:

journalbeat -E "name=mybeat" -E "output.elasticsearch.hosts=['http://myhost:9200']"

This setting is applied to the currently running Journalbeat process. The Journalbeat configuration file is not changed.

-c, --c FILE

Specifies the configuration file to use for Journalbeat. The file you specify here is relative to path.config. If the -c flag is not specified, the default config file, journalbeat.yml, is used.

-d, --d SELECTORS

Enables debugging for the specified selectors. For the selectors, you can specify a comma-separated list of components, or you can use -d "*" to enable debugging for all components. For example, -d "publish" displays all the "publish" related messages.

-e, --e

Logs to stderr and disables syslog/file output.

--path.config

Sets the path for configuration files. See the Directory layout section for details.

--path.data

Sets the path for data files. See the Directory layout section for details.

--path.home

Sets the path for miscellaneous files. See the Directory layout section for details.

--path.logs

Sets the path for log files. See the Directory layout section for details.

--strict.perms

Sets strict permission checking on configuration files. The default is -strict.perms=true. See Config file ownership and permissions in the Beats Platform Reference for more information.

-v, --v

Logs INFO-level messages.

« Secrets keystore for secure settings Running Journalbeat on Docker »

Journalbeat command reference

Journalbeat command reference

export command

help command

keystore command

run command

setup command

test command

version command

Global flags

`export` command

`help` command

`keystore` command

`run` command

`setup` command

`test` command

`version` command