Journalbeat command reference

edit

Journalbeat provides a command-line interface for starting Journalbeat and performing common tasks, like testing configuration files.

The command-line also supports global flags for controlling global behaviors.

Use sudo to run the following commands if:

  • the config file is owned by root, or
  • Journalbeat is configured to capture data that requires root access
Commands

export

Exports the configuration or index template to stdout.

help

Shows help for any command.

keystore

Manages the secrets keystore.

run

Runs Journalbeat. This command is used by default if you start Journalbeat without specifying a command.

setup

Sets up the initial environment, including the ES index template.

test

Tests the configuration.

version

Shows information about the current version.

Also see Global flags.

export command

edit

Exports the configuration or index template to stdout. You can use this command to quickly view your configuration or see the contents of the index template.

SYNOPSIS

journalbeat export SUBCOMMAND [FLAGS]

SUBCOMMANDS

config
Exports the current configuration to stdout. If you use the -c flag, this command exports the configuration that’s defined in the specified file.
template
Exports the index template to stdout. You can specify the --es.version and --index flags to further define what gets exported.
ilm-policy
Exports ILM policy to stdout.

FLAGS

--es.version VERSION
When used with template, exports an index template that is compatible with the specified version.
-h, --help
Shows help for the export command.
--index BASE_NAME
When used with template, sets the base name to use for the index template. If this flag is not specified, the default base name is journalbeat.

Also see Global flags.

EXAMPLES

journalbeat export config
journalbeat export template --es.version 7.0.1 --index myindexname

help command

edit

Shows help for any command. If no command is specified, shows help for the run command.

SYNOPSIS

journalbeat help COMMAND_NAME [FLAGS]
COMMAND_NAME
Specifies the name of the command to show help for.

FLAGS

-h, --help
Shows help for the help command.

Also see Global flags.

EXAMPLE

journalbeat help export

keystore command

edit

Manages the secrets keystore.

SYNOPSIS

journalbeat keystore SUBCOMMAND [FLAGS]

SUBCOMMANDS

add KEY
Adds the specified key to the keystore. Use the --force flag to overwrite an existing key. Use the --stdin flag to pass the value through stdin.
create
Creates a keystore to hold secrets. Use the --force flag to overwrite the existing keystore.
list
Lists the keys in the keystore.
remove KEY
Removes the specified key from the keystore.

FLAGS

--force
Valid with the add and create subcommands. When used with add, overwrites the specified key. When used with create, overwrites the keystore.
--stdin
When used with add, uses the stdin as the source of the key’s value.
-h, --help
Shows help for the keystore command.

Also see Global flags.

EXAMPLES

journalbeat keystore create
journalbeat keystore add ES_PWD
journalbeat keystore remove ES_PWD
journalbeat keystore list

See Secrets keystore for more examples.

run command

edit

Runs Journalbeat. This command is used by default if you start Journalbeat without specifying a command.

SYNOPSIS

journalbeat run [FLAGS]

Or:

journalbeat [FLAGS]

FLAGS

-N, --N
Disables publishing for testing purposes. This option disables all outputs except the File output.
--cpuprofile FILE
Writes CPU profile data to the specified file. This option is useful for troubleshooting Journalbeat.
-h, --help
Shows help for the run command.
--httpprof [HOST]:PORT
Starts an http server for profiling. This option is useful for troubleshooting and profiling Journalbeat.
--memprofile FILE
Writes memory profile data to the specified output file. This option is useful for troubleshooting Journalbeat.

Also see Global flags.

EXAMPLE

journalbeat run -e

Or:

journalbeat -e

setup command

edit

Sets up the initial environment, including the ES index template

  • The index template ensures that fields are mapped correctly in Elasticsearch.

Use this command if you want to set up the environment without actually running Journalbeat and ingesting data.

SYNOPSIS

journalbeat setup [FLAGS]

FLAGS

-h, --help
Shows help for the setup command.
--template
Sets up the index template only.

Also see Global flags.

EXAMPLES

journalbeat setup --machine-learning
journalbeat setup --template

test command

edit

Tests the configuration.

SYNOPSIS

journalbeat test SUBCOMMAND [FLAGS]

SUBCOMMANDS

config
Tests the configuration settings.
output
Tests that Journalbeat can connect to the output by using the current settings.

FLAGS

-h, --help
Shows help for the test command.

Also see Global flags.

EXAMPLE

journalbeat test config

version command

edit

Shows information about the current version.

SYNOPSIS

journalbeat version [FLAGS]

FLAGS

-h, --help
Shows help for the version command.

Also see Global flags.

EXAMPLE

journalbeat version

Global flags

edit

These global flags are available whenever you run Journalbeat.

-E, --E "SETTING_NAME=VALUE"

Overrides a specific configuration setting. You can specify multiple overrides. For example:

journalbeat -E "name=mybeat" -E "output.elasticsearch.hosts=['http://myhost:9200']"

This setting is applied to the currently running Journalbeat process. The Journalbeat configuration file is not changed.

-c, --c FILE
Specifies the configuration file to use for Journalbeat. The file you specify here is relative to path.config. If the -c flag is not specified, the default config file, journalbeat.yml, is used.
-d, --d SELECTORS
Enables debugging for the specified selectors. For the selectors, you can specify a comma-separated list of components, or you can use -d "*" to enable debugging for all components. For example, -d "publish" displays all the "publish" related messages.
-e, --e
Logs to stderr and disables syslog/file output.
--path.config
Sets the path for configuration files. See the Directory layout section for details.
--path.data
Sets the path for data files. See the Directory layout section for details.
--path.home
Sets the path for miscellaneous files. See the Directory layout section for details.
--path.logs
Sets the path for log files. See the Directory layout section for details.
--strict.perms
Sets strict permission checking on configuration files. The default is -strict.perms=true. See Config file ownership and permissions in the Beats Platform Reference for more information.
-v, --v
Logs INFO-level messages.