Step 1 - Install
Download the Filebeat Windows zip file from the official downloads page.
Extract the contents of the zip file into C:\Program Files.
Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
Run the following commands to install Filebeat as a Windows service:

    PS > cd 'C:\Program Files\Filebeat'
    PS C:\Program Files\Filebeat> .\install-service-filebeat.ps1

Step 2 - Locate the configuration file
Step 3 - Configure the inputs
Set up the data you wish to send us by editing the prospector path variables.
These fully support wildcards. You can also add a document type.
An example with IIS logs might look like this:

    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - C:\inetpub\logs\LogFiles\*\*
      fields:
        type: iis
      fields_under_root: true
      encoding: utf-8
      exclude_lines: ["^#"]
      exclude_files: [".zip"]
      ignore_older: 24h

Step 4 - Configure output
We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.

    ## Comment out elasticsearch output
    #output.elasticsearch:
    #  hosts: ["localhost:9200"]

Uncomment and change the logstash output to match below.

    output.logstash:
      hosts: ["your-logstash-host:your-port"]
      loadbalance: true
      ssl.enabled: true

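A pre-flight check for the output section edited in Step 4, added here as an example and not part of the original guide. Filebeat accepts only one enabled output, so the check flags a leftover enabled Elasticsearch block, a Logstash output without ssl.enabled: true, and the unedited placeholder host. The function name Test-FilebeatOutput and the sample text are assumptions made for the illustration.

```powershell
# Added example, not from the original page. Test-FilebeatOutput is a hypothetical helper.
# It only recognises top-level "output.<name>:" blocks and the dotted "ssl.enabled" form.
function Test-FilebeatOutput {
    param([string[]]$Lines)

    $outputs = @{}      # enabled output name -> trimmed lines of its block
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(#.*)?$') { continue }             # blank or commented out
        if ($line -match '^output\.([A-Za-z_]+)\s*:') {           # enabled output block
            $current = $Matches[1]
            $outputs[$current] = @()
        }
        elseif ($line -match '^\S') { $current = $null }         # some other top-level key
        elseif ($current) { $outputs[$current] += $line.Trim() } # setting inside the block
    }

    $problems = @()
    if ($outputs.Count -ne 1) {
        $problems += "expected exactly one enabled output, found: $(@($outputs.Keys) -join ', ')"
    }
    if (-not $outputs.ContainsKey('logstash')) {
        $problems += 'output.logstash is not enabled'
    }
    else {
        $block = $outputs['logstash']
        if (-not ($block -match '^ssl\.enabled\s*:\s*true\b')) {
            $problems += 'output.logstash does not set ssl.enabled: true'
        }
        if ($block -match 'your-logstash-host|your-port') {
            $problems += 'hosts still contains the placeholder from the template'
        }
    }
    $problems
}

# Constructed sample: Elasticsearch block left enabled, TLS line missing, placeholder host.
$sample = @'
output.elasticsearch:
  hosts: ["localhost:9200"]
output.logstash:
  hosts: ["your-logstash-host:your-port"]
  loadbalance: true
'@ -split "`r?`n"

foreach ($p in @(Test-FilebeatOutput -Lines $sample)) { Write-Output "FAIL: $p" }
# Against the real file: Test-FilebeatOutput -Lines (Get-Content .\filebeat.yml)
```

An empty result means none of the three problems was found; it does not replace the configuration check in Step 5.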
Step 5 - Validate configuration
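Let's check that the configuration file is syntactically correct.
Run the following from the directory where you extracted the archive:

    .\filebeat.exe -e -c filebeat.yml

The -e flag sends log output to the console, so a configuration error is reported there straight away. If the file loads, Filebeat keeps running in the foreground; stop it with Ctrl+C before starting the service.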
Step 6 - Start filebeat
Ok, time to start ingesting data!

    PS C:\Program Files\Filebeat> Start-Service filebeat