Awesome
Beats - The Lightweight Shippers of the Elastic Stack
The Beats are lightweight data shippers, written in Go, that you install on your servers to capture all sorts of operational data (think of logs, metrics, or network packet data). The Beats send the operational data to Elasticsearch, either directly or via Logstash, so it can be visualized with Kibana.
By "lightweight", we mean that Beats have a small installation footprint, use limited system resources, and have no runtime dependencies.
This repository contains libbeat, our Go framework for creating Beats, and all the officially supported Beats:
| Beat | Description |
|---|---|
| Auditbeat | Collect your Linux audit framework data and monitor the integrity of your files. |
| Filebeat | Tails and ships log files |
| Functionbeat | Read and ships events from serverless infrastructure. |
| Heartbeat | Ping remote services for availability |
| Metricbeat | Fetches sets of metrics from the operating system and services |
| Packetbeat | Monitors the network and applications by sniffing packets |
| Winlogbeat | Fetches and ships Windows Event logs |
| Osquerybeat | Runs Osquery and manages interraction with it. |
In addition to the above Beats, which are officially supported by Elastic, the community has created a set of other Beats that make use of libbeat but live outside of this Github repository. We maintain a list of community Beats here.
Documentation and Getting Started
You can find the documentation and getting started guides for each of the Beats on the elastic.co site:
Documentation and Getting Started information for the Elastic Agent
You can find the documentation and getting started guides for the Elastic Agent on the elastic.co site
Getting Help
If you need help or hit an issue, please start by opening a topic on our discuss forums. Please note that we reserve GitHub tickets for confirmed bugs and enhancement requests.
Downloads
You can download pre-compiled Beats binaries, as well as packages for the supported platforms, from this page.
Contributing
We'd love working with you! You can help make the Beats better in many ways: report issues, help us reproduce issues, fix bugs, add functionality, or even create your own Beat.
Please start by reading our CONTRIBUTING file.
Building Beats from the Source
See our CONTRIBUTING file for information about setting up your dev environment to build Beats from the source.
Snapshots
For testing purposes, we generate snapshot builds that you can find here. Please be aware that these are built on top of main and are not meant for production.
CI
PR Comments
It is possible to trigger some jobs by putting a comment on a GitHub PR. (This service is only available for users affiliated with Elastic and not for open-source contributors.)
- beats CI pipeline
/testwill kick off a default build.
PR Labels
It's possible to configure the build on a GitHub PR by labeling the PR with certain labels. Elastic users can find more details at https://docs.elastic.dev/ingest-dev-docs/beats/beats-ci.