Filebeat is a light weight agent on server for log data shipping, which can monitors log files, log directories changes and forward log lines to different target Systems like Logstash, Kafka ,elasticsearch or files etc.
Filebeat work like tail command in Unix/Linux.
Latest Filebeat Version : 5.3
Why Filebeat ?
- Lightweight agent for shipping logs.
- Forward and centralize files and logs.
- Robust (Not miss a single beat)
How Filebeat Work?
Filebeat starts prospectors to locate corresponding to each log file path mentioned in filebeat configuration file. Filebeat start a periodic harvester, which identify changes on file based on inode value, do tail to read change logs and send it to spooler to aggregate it. Processors (If configure) will perform different operation based on condition in spooler. Spooler send this aggregated data to target Systems like Logstash, Kafka, Elasticsearch or files etc.
Filebeat Download Link: Filebeat Download
Leave you feedback to enhance more on this topic so that make it more helpful for others.