How to install and configure Filebeat for Log Analysis in Ubuntu

Filebeat is a log data shipper for local files. Filebeat monitors the log directories or specific log files, tails the files, and forwards them either to Elasticsearch or Logstash for indexing. Filebeat is installed as an agent.

Before installing Filebeat, you need to install and configure the Elastic Stack. See How to install and configure ELK stack in Ubuntu.

Install Filebeat from the previously added Elastic repository by running the following command:

$ sudo apt-get update && sudo apt-get install filebeat

To configure Filebeat to start automatically during boot, run:

$ sudo update-rc.d filebeat defaults 95 10

Check the version of Filebeat by running the following command:

$ filebeat version

You should see something like the following:

filebeat version 6.2.4 (amd64), libbeat 6.2.4
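
With the agent installed, the tail-and-forward behaviour described at the top is driven by /etc/filebeat/filebeat.yml. The following is an added example, not part of the original page, written for the 6.2.x syntax shown above; the log paths, the Logstash host name and the CA file location are assumptions to replace with your own.

```yaml
# /etc/filebeat/filebeat.yml (added example for Filebeat 6.2.x)

filebeat.prospectors:
  # One prospector per group of files that Filebeat should tail.
  - type: log
    enabled: true
    paths:
      # Assumed paths: standard Ubuntu authentication and system logs.
      - /var/log/auth.log
      - /var/log/syslog
    # Skip rotated, compressed copies so old events are not re-shipped.
    exclude_files: ['\.gz$']
    # Tag events so they can be routed or filtered downstream.
    fields:
      log_group: ubuntu-system
    fields_under_root: true

# Only one output may be enabled at a time.

# Option A: ship to Logstash for parsing before indexing.
output.logstash:
  # Assumed host name; 5044 is the conventional Beats input port.
  hosts: ["logstash.example.internal:5044"]
  # Verify the Logstash server certificate against your own CA so that
  # auth.log content does not cross the network in plaintext.
  # Assumed CA path.
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]

# Option B: ship directly to Elasticsearch (comment out Option A first).
#output.elasticsearch:
#  hosts: ["https://elasticsearch.example.internal:9200"]
#  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]
```

After editing the file, `sudo filebeat test config` checks the syntax and `sudo filebeat test output` checks that the configured output is reachable before the service is started.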