Filebeat is the easiest way to get logs from files in your system to, and it’s the tool we recommend for most situations.

This page is a general reference for Filebeat. If you need instructions for a specific log source (such as nginx, MySQL, or Wazuh), see Log shipping sources.

Configuration tl;dr

Item Description
Files Sample configuration public certificate
Listener Port 5015. For help finding your region’s listener host, see Account region.

Configure Filebeat on macOS or Linux

Before you begin, you’ll need: Filebeat 7 or Filebeat 6

Download the public certificate

For HTTPS shipping, download the public certificate to your certificate authority folder.

sudo curl --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Make your configuration file

Make your configuration file using the Filebeat configuration wizard.

To use the Filebeat configuration wizard, click Configuration wizard on the Filebeat for macOS/Linux log shipping page. You must be logged in to

Move the configuration file to the Filebeat folder

Move the configuration file to /etc/filebeat/filebeat.yml.

Start Filebeat

Start or restart Filebeat for the changes to take effect.

Check for your logs

Give your logs some time to get from your system to ours, and then open Kibana.

If you still don’t see your logs, see log shipping troubleshooting.