README
Beats - Lightweight shippers for Elasticsearch & Logstash
The Beats are lightweight processes, written in Go, that you install on your servers to capture all sorts of operational data like logs, operating system metrics or network packet data, and to send it to Elasticsearch, either directly or via Logstash, so it can be visualized with Kibana.
This repository contains libbeat and all the officially supported Beats, in the following folders:
Folder | Description |
---|---|
libbeat | The Go framework for creating new Beats |
Topbeat | Like 'top' but inserting the data into Elasticsearch |
Packetbeat | Tap into your wire data |
Filebeat | Lightweight log forwarder to Logstash & Elasticsearch |
Winlogbeat | Sends Windows Event logs |
In addition to the above Beats, which are officially supported by Elastic, the community has created a set of other Beats that make use of libbeat but live outside of this GitHub repository. We maintain a list of community Beats here.
Documentation and Getting Help
You can find the documentation on the elastic.co site. If you need help, you can open a topic on our discuss forums.
Contributing
We'd love to work with you! You can help make the Beats better in many ways: report issues, help us reproduce issues, fix bugs, add functionality, or even create your own Beat.
Please start by reading our CONTRIBUTING file.
If you are creating a new Beat, you don't need to submit the code to this repository. You can simply start working in a new repository and make use of the libbeat packages, by following our developer guide. After you have a working prototype, open a pull request to add your Beat to the list of community Beats.
Directories
Path | Synopsis |
---|---|
harvester | The harvester package harvests different inputs for new information. |
common/streambuf | The streambuf module provides helpers for buffering multiple packet payloads and some general parsing functions. |
filters/nop | Package nop implements a Packetbeat filter that does absolutely nothing. |
outputs/mode | Package mode defines and implements output strategies with failover or load balancing modes for use by output plugins. |
protos/applayer | The applayer module provides common definitions with common fields for use with application layer protocols among beats. |
protos/dns | This file contains the name mapping data used to convert various DNS IDs to their string values. |
checkpoint | Package checkpoint persists event log state information to disk so that event log monitoring can resume from the last read event in the case of a restart or unexpected interruption. |
config | Package config provides the winlogbeat specific configuration options. |
eventlog | Package eventlog provides the means for reading event logs from Windows. |
sys/eventlogging | Package eventlogging provides access to the Event Logging API that was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system. |
sys/wineventlog | Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e. |