Step 3: Set up and run Filebeat

This section describes using Filebeat to ingest data. There are other available methods to ingest data, such as Logstash or Fluentd.

To start collecting logs data, you need to install Filebeat and configure the Filebeat modules directly from Kibana.

Alternatively, you can install Filebeat and configure the Filebeat modules yourself.

Install Filebeat from Kibana

Filebeat modules are ECS-compliant so manual ECS field mapping is not required, and all Logs app data is automatically populated.

To install a Filebeat module from Kibana, on the machine where you want to collect the data, open a Kibana browser window. In the Observability section displayed on the home page of Kibana, click Add log data. Now follow the instructions for the type of data you want to collect. The instructions include how to install and configure Filebeat, and enable the appropriate Filebeat module for your data.


Install Filebeat yourself

If you want to install Filebeat the old-fashioned way, follow the instructions in Filebeat quick start and enable modules for the logs you want to collect. If there is no module for the logs you want to collect, see Configure inputs.

Enable Filebeat modules

To start collecting logs data, you need to enable the appropriate modules in Filebeat.

To collect logs from your host system, enable:

To collect logs from Docker containers, enable:

To collect logs from Kubernetes pods, enable:

Configure your data sources

If your logs data has nonstandard fields, you may need to modify some configuration settings in Kibana, such as the index pattern used to query the data, and the timestamp field used for sorting. To modify configuration settings, use the Settings tab in the Logs app. Alternatively, see logs settings for a complete list of logs configuration settings.

More about container monitoring

If you’re monitoring Docker containers or Kubernetes pods, you can use autodiscovery to automatically change the configuration settings in response to changes in your containers. Autodiscovery ensures that even when your container configuration changes, data is still collected. To learn how to do this, see Filebeat autodiscover configuration.
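The following `filebeat.yml` fragment sketches hints-based autodiscovery for both cases. It is an added example, not part of the original page. The log paths are the usual defaults for Docker and Kubernetes nodes, and `NODE_NAME` is assumed to be an environment variable set on the Filebeat pod; adjust both to your environment.

```yaml
# Added example: hints-based autodiscover in filebeat.yml.
# Keep only the provider that matches your environment.
filebeat.autodiscover:
  providers:
    # Docker: Filebeat watches the Docker API for container start/stop
    # events and starts or stops an input for each container.
    - type: docker
      hints.enabled: true
      # Input used for any container that carries no hints of its own.
      hints.default_config:
        type: container
        paths:
          # Assumed default Docker json-file log location.
          - /var/lib/docker/containers/${data.container.id}/*.log

    # Kubernetes: Filebeat watches the API server for pod events.
    - type: kubernetes
      # Limit discovery to pods scheduled on this node.
      # NODE_NAME is an assumption: typically injected via the
      # downward API (spec.nodeName) in the Filebeat DaemonSet.
      node: ${NODE_NAME}
      hints.enabled: true
      hints.default_config:
        type: container
        paths:
          # Assumed default kubelet symlink location for container logs.
          - /var/log/containers/*${data.kubernetes.container.id}.log
```

With hints enabled, any workload that can set its own container labels or pod annotations can influence how its logs are parsed, so treat those labels and annotations as untrusted input when workloads come from multiple teams or tenants.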