Installing Filebeat on Ubuntu provides a lightweight way to ship logs to Logstash, Elasticsearch, or other outputs. As a small, resource-efficient agent, Filebeat monitors configured log files and sends events downstream.
Integration with systemd allows easy control of Filebeat. Once running, it can be tailored via filebeat.yml to collect and forward logs efficiently.
With Filebeat, centralizing logs becomes simpler, enabling better analysis and troubleshooting.
Steps to install Filebeat on Ubuntu:
- Update apt repositories.
$ sudo apt --quiet update
Reading package lists... Done
Keep your system current to avoid compatibility issues.
- Install Filebeat from the official repository.
$ sudo apt --yes install filebeat
Reading package lists... Done
...
Setting up filebeat (X.X.X) ...
Match the Filebeat version to the rest of your Elastic Stack for best results.
- Enable and start the Filebeat service.
$ sudo systemctl enable filebeat
Created symlink ...
$ sudo systemctl start filebeat
(no output)
Check /var/log/filebeat/filebeat for errors if it fails to start.
- Verify Filebeat is running.
$ sudo systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or Elasticsearch.
   Active: active (running) ...
Filebeat is now ready to be configured for log inputs and outputs.
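
A post-install check covering the steps above, as an added example that is not part of the original page: it compares the installed version with the one expected for the rest of the stack, confirms the service is enabled and active, and counts ERROR lines in the log. It assumes `filebeat version` prints the version as its third field and that log lines carry a whitespace-delimited ERROR level; `check_filebeat` and `FILEBEAT_LOG` are names made up for this example.

```bash
#!/usr/bin/env bash
# Added example: verify a fresh Filebeat install.
# Usage after sourcing this file: check_filebeat <expected-stack-version>

# Log path taken from the page; override it if your install logs elsewhere.
FILEBEAT_LOG="${FILEBEAT_LOG:-/var/log/filebeat/filebeat}"

# Prints one line per finding; returns 0 only if every check passes.
check_filebeat() {
    local expected="$1"
    local rc=0 installed errors

    # Version should match the rest of the Elastic Stack.
    # Assumption: output looks like "filebeat version <ver> (...)".
    installed="$(filebeat version 2>/dev/null | awk '{print $3; exit}')"
    if [ "$installed" != "$expected" ]; then
        echo "FAIL version: installed='${installed:-none}' expected='$expected'"
        rc=1
    fi

    # The service must start at boot and be running now.
    if [ "$(systemctl is-enabled filebeat 2>/dev/null)" != "enabled" ]; then
        echo "FAIL service is not enabled"
        rc=1
    fi
    if [ "$(systemctl is-active filebeat 2>/dev/null)" != "active" ]; then
        echo "FAIL service is not active"
        rc=1
    fi

    # Surface startup errors from the log file when it is readable.
    # Assumption: the level appears as a whitespace-delimited ERROR field.
    if [ -r "$FILEBEAT_LOG" ]; then
        errors="$(grep -c -E '(^|[[:space:]])ERROR([[:space:]]|$)' "$FILEBEAT_LOG" || true)"
        if [ "$errors" -gt 0 ]; then
            echo "FAIL $errors ERROR line(s) in $FILEBEAT_LOG"
            rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK filebeat $installed enabled, active, no logged errors"
    return "$rc"
}
```

A non-zero return makes the function usable as a gate in provisioning scripts, so a host that failed to start shipping logs is caught at install time.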

Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.