Step 5: Starting Filebeat

edit

Start Filebeat by issuing the appropriate command for your platform.

If you use an init.d script to start Filebeat on deb or rpm, you can’t specify command line flags (see Command Line Options). To specify flags, start Filebeat in the foreground.

deb:

sudo /etc/init.d/filebeat start

rpm:

sudo /etc/init.d/filebeat start

docker:

docker run docker.elastic.co/beats/filebeat:5.4.3

mac:

sudo chown root filebeat.yml 
sudo ./filebeat -e -c filebeat.yml -d "publish"

You’ll be running Filebeat as root, so you need to change ownership of the configuration file (see Config File Ownership and Permissions in the Beats Platform Reference).

win:

PS C:\Program Files\Filebeat> Start-Service filebeat

By default, Windows log files are stored in C:\ProgramData\filebeat\Logs.

Filebeat is now ready to send log files to your defined output.