Filebeat is the easiest way to get logs from files in your system to Logz.io, and it’s the tool we recommend for most situations.

This page is a general reference for Filebeat. If you need instructions for a specific log source (such as nginx, MySQL, or Wazuh), see Log shipping sources.

Configuration tl;dr

Item Description
Files Sample configuration
Logz.io public certificate
Listener Port 5015. For help finding your region’s listener host, see Account region.

Configure Filebeat on macOS or Linux

Before you begin, you’ll need: Filebeat 7 or Filebeat 6

Download the Logz.io public certificate

For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.

sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Make your configuration file

Make your configuration file using the Filebeat configuration wizard.

To use the Filebeat configuration wizard, click Configuration wizard on the Filebeat for macOS/Linux log shipping page. You must be logged in to Logz.io.

Move the configuration file to the Filebeat folder

Move the configuration file to /etc/filebeat/filebeat.yml.

Start Filebeat

Start or restart Filebeat for the changes to take effect.

Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open Kibana.

If you still don’t see your logs, see log shipping troubleshooting.