Specify which modules to run

edit

Using Filebeat modules is optional. You may decide to set up prospectors manually if you are using a log file type that isn’t supported, or you want to use a different setup.

Filebeat modules provide a quick way for you to get started processing common log formats. They contain default configurations, Elasticsearch ingest node pipeline definitions, and Kibana dashboards to help you implement and deploy a log monitoring solution.

Filebeat provides a few different ways to enable modules. You can:

On systems with POSIX file permissions, all Beats configuration files are subject to ownership and file permission checks. For more information, see Config File Ownership and Permissions in the Beats Platform Reference.

When you enable modules, you can also specify variable settings to change the default behavior of the modules, and you can specify advanced settings to override prospector settings.

Before running Filebeat with modules enabled, make sure you also set up the environment to use Kibana dashboards. See Quick start for common log formats for more information.

Enable module configs in the modules.d directory

edit

The modules.d directory contains default configurations for all the modules available in Filebeat. You can enable or disable specific module configurations under modules.d by running the modules enable or modules disable commands.

For example, to enable the apache2 and mysql configs in the modules.d directory, you use:

./filebeat modules enable apache2 mysql

Then when you run Filebeat, it loads the corresponding module configurations specified in the modules.d directory (for example, modules.d/apache2.yml and modules.d/mysql.yml).

To see a list of enabled and disabled modules, run:

./filebeat modules list

The default module configurations assume that the logs you’re harvesting are in the location expected for your OS and that the behavior of the module is appropriate for your environment. To change the default configurations, you need to specify variable settings. See Specify variable settings.

Enable modules when you run Filebeat

edit

To enable specific modules when you run Filebeat at the command line, you can use the --modules flag. This approach works well when you’re getting started and want to specify different modules and settings each time you run Filebeat. Any modules specified at the command line will be loaded along with any modules that are enabled in the configuration file or modules.d directory. If there’s a conflict, the configuration specified at the command line is used.

The following example shows how to enable and run the nginx,mysql, and system modules.

./filebeat -e --modules nginx,mysql,system

The default module configurations assume that the logs you’re harvesting are in the location expected for your OS and that the behavior of the module is appropriate for your environment. To change the default configurations, you need to specify variable settings. See Specify variable settings.

Enable module configs in the filebeat.yml file

edit

When possible, you should use the config files in the modules.d directory.

However, enabling modules directly in the config file is a practical approach if you have upgraded from a previous version of Filebeat and don’t want to move your module configs to the modules.d directory. You can continue to configure modules in the filebeat.yml file, but you won’t be able to use the modules command to enable and disable configurations because the command requires the modules.d layout.

To enable specific modules in the filebeat.yml config file, you can add entries to the filebeat.modules list. Each entry in the list begins with a dash (-) and is followed by settings for that module.

The following example shows a configuration that runs the nginx,mysql, and system modules.

filebeat.modules:
- module: nginx
- module: mysql
- module: system

The default module configurations assume that the logs you’re harvesting are in the location expected for your OS and that the behavior of the module is appropriate for your environment. To change the default configurations, you need to specify variable settings. See Specify variable settings.