- Journalbeat Reference for 6.5-7.15:
- Overview
- Getting started with Journalbeat
- Setting up and running Journalbeat
- Configuring Journalbeat
- Configure inputs
- Specify general settings
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- journalbeat.reference.yml
- Exported fields
- Monitoring Journalbeat
- Securing Journalbeat
- Troubleshooting
This functionality is experimental and may be changed or removed completely in a
future release. Elastic will take a best effort approach to fix any issues, but
experimental features are not subject to the support SLA of official GA
features.
Journalbeat overview
editJournalbeat overview
editJournalbeat is a lightweight shipper for forwarding and centralizing log data from systemd journals. Installed as an agent on your servers, Journalbeat monitors the journal locations that you specify, collects log events, and forwards them to either to Elasticsearch or Logstash.
Journalbeat is an Elastic Beat. It’s
based on the libbeat framework. For more information, see the
Beats Platform Reference.
Compatibility
editJournalbeat requires systemd v233 or later. Versions prior to systemd v233 have a defect that prevents Journalbeat from reading rotated journals.
On this page
Was this helpful?
Thank you for your feedback.