All Collections
Logs Management
Sending Data
How do I ship system logs to my stack using Metricbeat?
How do I ship system logs to my stack using Metricbeat?

Learn how to ship logs and load and view dashboards

Carol Smith avatar
Written by Carol Smith
Updated over a week ago is a log management and analysis platform that allows you to centralise and analyse your logs and metrics from various sources such as applications, servers, and cloud platforms. Our platform provides real-time log analysis, powerful search capabilities, custom dashboards, and alerts for issues and anomalies.

We have created a step by step tutorial to walk you through the process of shipping your system logs to your stack using Metricbeat below.

In this guide, you can find out how to:

Ship system logs to your stack using Metricbeat

  1. On step 3 of the Guide Me, select ‘Send Logs’ to configure a new data source for your stack.

  2. Select ‘Send Logs’ to start shipping logs to your stack. This will open a new tab showing integration guides for all data sources.

  3. Select 'Metricbeat' from the filtered list. Metricbeat is a good tool for quickly getting started sending log data to your stack from your machine.

  4. Each data source integration provides you with step-by-step instructions to make it easy to start shipping data. For this guide we will configure Metricbeat on a local MacOS device. Select 'Install Metricbeat'

  5. Copy the relevant curl command depending on your system and paste it in your terminal, this will download the lightweight Metricbeat shipper to your destination folder.

    curl -L -O 
    tar xzvf metricbeat-8.6.2-darwin-x86_64.tar.gz

  6. To proceed with the Metricbeat integration, after the download completes, follow step two in the integration guide, which involves overwriting the yml configuration file with the pre-configured Metricbeat configuration file provided.

    ############# Metricbeat Configuration ################## ================== Modules configuration =====================

    # Glob pattern for configuration loading
    path: ${path.config}/modules.d/*.yml

    # Set to true to enable config reloading
    reload.enabled: false

    # Period on which files under path should be checked for changes
    #reload.period: 10s
    # ======================= Elasticsearch template setting =======================
    index.number_of_shards: 1
    index.codec: best_compression
    #_source.enabled: false

    # ================================== Outputs ===================================
    # ------------------------------ Logstash Output -------------------------------

    hosts: ["your-logstash-host:your-beats-ssl-port"]
    loadbalance: true
    ssl.enabled: true

    # ================================= Processors =================================
    - add_host_metadata: ~
    - add_cloud_metadata: ~
    - add_docker_metadata: ~
    - add_kubernetes_metadata: ~

  7. Open the extracted Metricbeat folder and edit the metricbeat.yml file. Replace the file contents with the copied configuration file, which sets your host to point at your stack. Save and close the file.

  8. Continue to step 3 of the source guide to validate the Metricbeat configuration file changes. Copy and run the macOS command, if the file is invalid you will see “error loading config file” and details of how to correct any issues.

    sudo ./metricbeat -e -c metricbeat.yml

    If you see any permissions related issues proceed to step 4 and ensure the correct ownership of the yml files. If the configuration is correct you should see a successful connection to your stack in the terminal. Then, proceed to the next step of the onboarding.

  9. In step 4, we may need to change the ownership of our configuration files and then we can proceed and start Metricbeat. Copy and run the chown commands as shown.

    sudo chown root metricbeat.yml
    sudo chown root modules.d/system.yml

    sudo ./metricbeat -e

  10. If the configuration is correct you should see a successful connection to your stack in the terminal as shown below.

11. We can then return to the next step in the onboarding process, return to the other browser tab to continue the guide.

12. Continue to Step 5 of the onboarding process, you can invite teammates to the same account if needed (you can also do this later too) then choose ‘Go to my Dashboard’.

13. Select ‘Launch Logs’ to return you to the Discover view on your dashboard. Success! You should now see Metricbeat data flowing into your stack.

Adding a dashboard to your trial stack

  1. Choose ‘Guide me’ in the left hand menu or at the top of your screen, and go to Step 4 ‘Choose Dashboards’

  2. Select ‘System’ under ‘Metrics Management Dashboards’ for predefined dashboards to visualise system metrics from the Metricbeat shipper we've just configured.

  3. Now return to the dashboard and choose ‘Launch logs’.

  4. You can view the dashboards you just loaded in the stack from the left menu. You will see you have a number of Metricbeat dashboards now available to you. I’m going to open the one called [Metricbeat System] Overview ECS

In minutes, lets you send, filter, analyse and quickly derive value from your data.

What Next?

Did this answer your question?