Journalbeat command reference
editJournalbeat command reference
editJournalbeat provides a command-line interface for starting Journalbeat and performing common tasks, like testing configuration files.
The command-line also supports global flags for controlling global behaviors.
Use sudo
to run the following commands if:
-
the config file is owned by
root
, or -
Journalbeat is configured to capture data that requires
root
access
Commands | |
---|---|
Exports the configuration or index template to stdout. |
|
Shows help for any command. |
|
Manages the secrets keystore. |
|
Runs Journalbeat. This command is used by default if you start Journalbeat without specifying a command. |
|
Sets up the initial environment, including the ES index template. |
|
Tests the configuration. |
|
Shows information about the current version. |
Also see Global flags.
export
command
editExports the configuration or index template to stdout. You can use this command to quickly view your configuration or see the contents of the index template.
SYNOPSIS
journalbeat export SUBCOMMAND [FLAGS]
SUBCOMMANDS
FLAGS
-
--es.version VERSION
-
When used with
template
, exports an index template that is compatible with the specified version. -
-h, --help
-
Shows help for the
export
command. -
--index BASE_NAME
-
When used with
template
, sets the base name to use for the index template. If this flag is not specified, the default base name isjournalbeat
.
Also see Global flags.
EXAMPLES
journalbeat export config journalbeat export template --es.version 7.0.1 --index myindexname
help
command
editShows help for any command. If no command is specified, shows help for the
run
command.
SYNOPSIS
journalbeat help COMMAND_NAME [FLAGS]
-
COMMAND_NAME
- Specifies the name of the command to show help for.
FLAGS
-
-h, --help
-
Shows help for the
help
command.
Also see Global flags.
EXAMPLE
journalbeat help export
keystore
command
editManages the secrets keystore.
SYNOPSIS
journalbeat keystore SUBCOMMAND [FLAGS]
SUBCOMMANDS
-
add KEY
-
Adds the specified key to the keystore. Use the
--force
flag to overwrite an existing key. Use the--stdin
flag to pass the value throughstdin
. -
create
-
Creates a keystore to hold secrets. Use the
--force
flag to overwrite the existing keystore. -
list
- Lists the keys in the keystore.
-
remove KEY
- Removes the specified key from the keystore.
FLAGS
-
--force
-
Valid with the
add
andcreate
subcommands. When used withadd
, overwrites the specified key. When used withcreate
, overwrites the keystore. -
--stdin
-
When used with
add
, uses the stdin as the source of the key’s value. -
-h, --help
-
Shows help for the
keystore
command.
Also see Global flags.
EXAMPLES
journalbeat keystore create journalbeat keystore add ES_PWD journalbeat keystore remove ES_PWD journalbeat keystore list
See Secrets keystore for more examples.
run
command
editRuns Journalbeat. This command is used by default if you start Journalbeat without specifying a command.
SYNOPSIS
journalbeat run [FLAGS]
Or:
journalbeat [FLAGS]
FLAGS
-
-N, --N
- Disables publishing for testing purposes. This option disables all outputs except the File output.
-
--cpuprofile FILE
- Writes CPU profile data to the specified file. This option is useful for troubleshooting Journalbeat.
-
-h, --help
-
Shows help for the
run
command. -
--httpprof [HOST]:PORT
- Starts an http server for profiling. This option is useful for troubleshooting and profiling Journalbeat.
-
--memprofile FILE
- Writes memory profile data to the specified output file. This option is useful for troubleshooting Journalbeat.
Also see Global flags.
EXAMPLE
journalbeat run -e
Or:
journalbeat -e
setup
command
editSets up the initial environment, including the ES index template
- The index template ensures that fields are mapped correctly in Elasticsearch.
Use this command if you want to set up the environment without actually running Journalbeat and ingesting data.
SYNOPSIS
journalbeat setup [FLAGS]
FLAGS
-
-h, --help
-
Shows help for the
setup
command. -
--template
- Sets up the index template only.
Also see Global flags.
EXAMPLES
journalbeat setup --machine-learning journalbeat setup --template
test
command
editTests the configuration.
SYNOPSIS
journalbeat test SUBCOMMAND [FLAGS]
SUBCOMMANDS
-
config
- Tests the configuration settings.
-
output
- Tests that Journalbeat can connect to the output by using the current settings.
FLAGS
-
-h, --help
-
Shows help for the
test
command.
Also see Global flags.
EXAMPLE
journalbeat test config
version
command
editShows information about the current version.
SYNOPSIS
journalbeat version [FLAGS]
FLAGS
-
-h, --help
-
Shows help for the
version
command.
Also see Global flags.
EXAMPLE
journalbeat version
Global flags
editThese global flags are available whenever you run Journalbeat.
-
-E, --E "SETTING_NAME=VALUE"
-
Overrides a specific configuration setting. You can specify multiple overrides. For example:
journalbeat -E "name=mybeat" -E "output.elasticsearch.hosts=['http://myhost:9200']"
This setting is applied to the currently running Journalbeat process. The Journalbeat configuration file is not changed.
-
-c, --c FILE
-
Specifies the configuration file to use for Journalbeat. The file you specify
here is relative to
path.config
. If the-c
flag is not specified, the default config file,journalbeat.yml
, is used. -
-d, --d SELECTORS
-
Enables debugging for the specified selectors. For the selectors, you can
specify a comma-separated
list of components, or you can use
-d "*"
to enable debugging for all components. For example,-d "publish"
displays all the "publish" related messages. -
-e, --e
- Logs to stderr and disables syslog/file output.
-
--path.config
- Sets the path for configuration files. See the Directory layout section for details.
-
--path.data
- Sets the path for data files. See the Directory layout section for details.
-
--path.home
- Sets the path for miscellaneous files. See the Directory layout section for details.
-
--path.logs
- Sets the path for log files. See the Directory layout section for details.
-
--strict.perms
-
Sets strict permission checking on configuration files. The default is
-strict.perms=true
. See Config file ownership and permissions in the Beats Platform Reference for more information. -
-v, --v
- Logs INFO-level messages.