{"id":588,"date":"2021-12-31T18:04:38","date_gmt":"2021-12-31T18:04:38","guid":{"rendered":"https:\/\/www.canchito-dev.com\/public\/blog\/?p=588"},"modified":"2022-01-26T09:49:33","modified_gmt":"2022-01-26T09:49:33","slug":"deploying-filebeat-in-docker","status":"publish","type":"post","link":"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/","title":{"rendered":"Deploying Filebeat in docker"},"content":{"rendered":"<h1>Deploying Filebeat in docker<\/h1>\n<div class=\"perfect-pullquote vcard pullquote-align-full pullquote-border-placement-left\"><blockquote><p><\/p>\n<p>Learn about Filebeat and how it interact with the rest of the Elastic Stack components while you deploy it using docker.<\/p>\n<p><\/p><\/blockquote><\/div>\n<div><a class=\"donate-with-crypto\" href=\"https:\/\/commerce.coinbase.com\/checkout\/faf64f90-2e80-46ee-aeba-0fde14cbeb46\"><br \/>\nBuy Me a Coffee<br \/>\n<\/a><br \/>\n<script src=\"https:\/\/commerce.coinbase.com\/v1\/checkout.js?version=201807\">\n  <\/script><\/div>\n<p>&nbsp;<\/p>\n<h2>What you\u2019ll need<\/h2>\n<ul>\n<li>About 30 minutes<\/li>\n<li>Docker Desktop for you operating system already installed. For this tutorial, we used Docker Desktop for Windows. You can download it from <a href=\"https:\/\/docs.docker.com\/docker-for-windows\/install\/\">here<\/a>.<\/li>\n<\/ul>\n<h2>Introduction to Filebeat<\/h2>\n<p style=\"text-align: justify;\">Filebeat is part of Elastic Stack Beat. With this Beat, you can monitor your log files or the paths that you specify, collect log events and send them to either Elasticsearch for indexing or Logstash for enriching them.<\/p>\n<p style=\"text-align: justify;\">But, how does Filebeat exactly works? When this Beat is started, it looks for logs in the locations that you specified. This location is known as an input. For each log that it finds, it starts a harvester. In other words, an input is responsible for managing the harvesters and finding all sources to read from, while a harvester is responsible for reading the content of a single file. The harvester reads each file, line by line, and sends the content to the output.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"604\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/filebeat_overview\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview.png\" data-orig-size=\"912,707\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Filebeat Overview\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Filebeat Overview&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview.png\" class=\"aligncenter wp-image-604 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview.png\" alt=\"CANCHITO-DEV: Filebeat Overview\" width=\"912\" height=\"707\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview.png 912w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview-300x233.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview-768x595.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_overview-624x484.png 624w\" sizes=\"auto, (max-width: 912px) 100vw, 912px\" \/><\/p>\n<p style=\"text-align: justify;\">The harvester output is <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">libbeat<\/code>,\u00a0which aggregates the events and sends the aggregated data to the output that you\u2019ve configured for Filebeat.<\/p>\n<p style=\"text-align: justify;\"><code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">libbeat<\/code> is a framework for building Beats written in Go and containing the common packages for all the Beats.<\/p>\n<h2>Deploying Filebeat in Docker<\/h2>\n<p style=\"text-align: justify;\">So far, we already have deployed Elasticsearch and Kibana. If you navigate to <a href=\"http:\/\/localhost:5601\/app\/monitoring\">Management &gt; Stack Monitoring<\/a>, you can see the status of your cluster. After we deploy Filebeat, we will be able to monitor it from here too.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"592\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/management_stack_monitoring\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring.png\" data-orig-size=\"5114,1736\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Kibana&amp;#8217;s Management &gt; Stack Monitoring\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Kibana&amp;#8217;s Management &gt; Stack Monitoring&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-1024x348.png\" class=\"aligncenter wp-image-592 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring.png\" alt=\"CANCHITO-DEV: Kibana's Management &gt; Stack Monitoring\" width=\"5114\" height=\"1736\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring.png 5114w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-300x102.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-1024x348.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-768x261.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-1536x521.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-2048x695.png 2048w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring-624x212.png 624w\" sizes=\"auto, (max-width: 5114px) 100vw, 5114px\" \/><\/p>\n<p style=\"text-align: justify;\">Let&#8217;s start by adding a folder which will have Filebeat&#8217;s files. The changes in the project should be highlighted.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-highlight=\"6-8,14\">elastic-stack-demo\r\n  +- elasticsearch-single-node-cluster\r\n       +- elasticsearch\r\n       |    +- Dockerfile-elasticsearch-single-node\r\n       |    +- elasticsearch-single-node.yml\r\n       +-filebeat\r\n       |    +- Dockerfile\r\n       |    +- filebeat-to-elasticsearch.yml\r\n       +-kibana\r\n       |    +- Dockerfile-kibana-single-node\r\n       |    +- kibana-single-node.yml\r\n       +- .env\r\n       +- docker-compose-es-single-node.yml\r\n       +- docker-compose-filebeat-to-elasticseach.yml\r\n<\/pre>\n<p>The first file we will be creating is the <code class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\">Dockerfile<\/code>. Created it under <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">elastic-stack-single-node-cluster\/filebeat\/<\/code>, and paste the following code:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\">ARG ELK_VERSION\r\nFROM docker.elastic.co\/beats\/filebeat:${ELK_VERSION}\r\n\r\nARG FILEBEAT_CONFIG\r\n\r\n# add custom configuration\r\nCOPY --chown=root:filebeat ${FILEBEAT_CONFIG}.yml \/usr\/share\/filebeat\/filebeat.yml<\/pre>\n<p style=\"text-align: justify;\">You might notice that we have passed the name of Filebeat&#8217;s configuration file as argument. This is because Filebeat can be configured in several ways, and in upcoming posts, we will be explaining these options. So, we have decided to parameterize it.<\/p>\n<p style=\"text-align: justify;\">Next, we need the configuration file. Since for now, we will send the collected data directly to Elasticsearch, we will call the <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">YAML<\/code> file like <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">filebeat-to-elasticsearch.yml<\/code>. Here is the code you will need:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\">######################## Filebeat Configuration ############################\r\n# You can find the full configuration reference here:\r\n# https:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/index.html\r\n\r\n# ========================== Filebeat global options ===========================\r\n# Enable filebeat config reloading\r\nfilebeat.config:\r\n  modules:\r\n    path: ${path.config}\/modules.d\/*.yml\r\n    reload.enabled: false\r\n\r\n# =========================== Filebeat autodiscover ============================\r\n# Autodiscover allows you to detect changes in the system and spawn new modules\r\n# or inputs as they happen.\r\nfilebeat.autodiscover:\r\n  # List of enabled autodiscover providers\r\n  providers:\r\n    - type: docker\r\n      hints.enabled: true\r\n\r\n# ================================= Processors =================================\r\n# Processors are used to reduce the number of fields in the exported event or to\r\n# enhance the event with external metadata. This section defines a list of\r\n# processors that are applied one by one and the first one receives the initial\r\n# event:\r\n#\r\n#   event -&gt; filter1 -&gt; event1 -&gt; filter2 -&gt;event2 ...\r\n#\r\n# The supported processors are drop_fields, drop_event, include_fields,\r\n# decode_json_fields, and add_cloud_metadata.\r\nprocessors:\r\n  # The following example enriches each event with docker metadata, it matches\r\n  # container id from log path available in `source` field (by default it expects\r\n  # it to be \/var\/lib\/docker\/containers\/*\/*.log).\r\n  - add_docker_metadata: ~\r\n  # The following example enriches each event with host metadata.\r\n  - add_host_metadata: ~\r\n\r\n# ================================== Outputs ===================================\r\n# Configure what output to use when sending the data collected by the beat.\r\n# ---------------------------- Elasticsearch Output ----------------------------\r\noutput.elasticsearch:\r\n  # Boolean flag to enable or disable the output module.\r\n  enabled: true\r\n  # Array of hosts to connect to.\r\n  # Scheme and port can be left out and will be set to the default (http and 9200)\r\n  # In case you specify and additional path, the scheme is required: http:\/\/localhost:9200\/path\r\n  # IPv6 addresses should always be defined as: https:\/\/[2001:db8::1]:9200\r\n  hosts: ['elasticsearch-demo:9200']\r\n\r\n# ================================= Dashboards =================================\r\n# These settings control loading the sample dashboards to the Kibana index. Loading\r\n# the dashboards are disabled by default and can be enabled either by setting the\r\n# options here, or by using the `-setup` CLI flag or the `setup` command.\r\nsetup.dashboards.enabled: true\r\n\r\n# =================================== Kibana ===================================\r\n# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.\r\n# This requires a Kibana endpoint configuration.\r\nsetup.kibana:\r\n  # Kibana Host\r\n  # Scheme and port can be left out and will be set to the default (http and 5601)\r\n  # In case you specify and additional path, the scheme is required: http:\/\/localhost:5601\/path\r\n  # IPv6 addresses should always be defined as: https:\/\/[2001:db8::1]:5601\r\n  host: \"kibana-demo:5601\"\r\n\r\n# ================================== Logging ===================================\r\n# There are four options for the log output: file, stderr, syslog, eventlog\r\n# The file output is the default.\r\n# Sets log level. The default log level is info.\r\n# Available log levels are: error, warning, info, debug\r\nlogging.level: info\r\n\r\n# Write Filebeat own logs only to file to avoid catching them with itself in docker log files\r\n# When true, writes all logging output to files. The log files are automatically rotated when the\r\n# log file size limit is reached.\r\nlogging.to_files: false\r\n\r\n# When true, writes all logging output to the syslog. This option is not supported on Windows.\r\nlogging.to_syslog: false\r\n\r\n# ============================= X-Pack Monitoring ==============================\r\n# Filebeat can export internal metrics to a central Elasticsearch monitoring\r\n# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The\r\n# reporting is disabled by default.\r\n\r\n# Set to true to enable the monitoring reporter.\r\nmonitoring.enabled: true\r\n\r\n# Uncomment to send the metrics to Elasticsearch. Most settings from the\r\n# Elasticsearch output are accepted here as well.\r\n# Note that the settings should point to your Elasticsearch *monitoring* cluster.\r\n# Any setting that is not set is automatically inherited from the Elasticsearch\r\n# output configuration, so if you have the Elasticsearch output configured such\r\n# that it is pointing to your Elasticsearch monitoring cluster, you can simply\r\n# uncomment the following line.\r\nmonitoring.elasticsearch:\r\n  # Array of hosts to connect to.\r\n  # Scheme and port can be left out and will be set to the default (http and 9200)\r\n  # In case you specify and additional path, the scheme is required: http:\/\/localhost:9200\/path\r\n  # IPv6 addresses should always be defined as: https:\/\/[2001:db8::1]:9200\r\n  #hosts: [\"elasticsearch-demo:9200\"]\r\n\r\n# =============================== HTTP Endpoint ================================\r\n# Each beat can expose internal metrics through a HTTP endpoint. For security\r\n# reasons the endpoint is disabled by default. This feature is currently experimental.\r\n# Stats can be access through http:\/\/localhost:5066\/stats . For pretty JSON output\r\n# append ?pretty to the URL.\r\n# Defines if the HTTP endpoint is enabled.\r\nhttp.enabled: true\r\n\r\n# The HTTP endpoint will bind to this hostname, IP address, unix socket or named pipe.\r\n# When using IP addresses, it is recommended to only use localhost.\r\nhttp.host: filebeat-to-elasticseach-demo\r\n\r\n# Port on which the HTTP endpoint will bind. Default is 5066.\r\nhttp.port: 5066<\/pre>\n<p style=\"text-align: justify;\">As you can see, we have included the description of each configuration option. Hopefully, it will be easier to understand it. However, the main idea behind it, is:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Enable the autodiscover feature, based on hints. Autodiscover allows you to track applications and monitor services as they start running. The hints system looks for hints in Kubernetes Pod annotations or Docker labels that have the prefix\u00a0<code class=\"literal\">co.elastic.logs<\/code>. As soon as the container starts, Filebeat will check if it contains any hints and launch the proper config for it.<\/li>\n<li style=\"text-align: justify;\">Enable providers, which work by watching for events on the system and translating those events into internal autodiscover events with a common format.<\/li>\n<li style=\"text-align: justify;\">Send the collected data to Elasticsearch for indexing.<\/li>\n<li style=\"text-align: justify;\">Automatically create predefined dashboards and load them into Kibana.<\/li>\n<li style=\"text-align: justify;\">Export internal metrics to a central Elasticsearch monitoring cluster, by enabling x-pack monitoring. In our case, we will be using the same cluster.<\/li>\n<li>Enable experimental HTTP endpoint, which exposes internal metrics.<\/li>\n<\/ul>\n<p>Now, we create a separate docker-compose file under <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">elastic-stack-single-node-cluster\/<\/code> and name it <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">docker-compose-filebeat-to-elasticseach.yml<\/code>.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\">version: '3.9'\r\nservices:\r\n  filebeat-to-elasticseach-demo:\r\n    hostname: filebeat-to-elasticseach-demo\r\n    container_name: filebeat-to-elasticseach-demo\r\n    build:\r\n      context: .\/filebeat\r\n      dockerfile: Dockerfile\r\n      args:\r\n        - ELK_VERSION=${ELK_VERSION}\r\n        - FILEBEAT_CONFIG=filebeat-to-elasticseach\r\n    ports:\r\n      - 5166:5066\r\n    # Need to override user so we can access the log files, and docker.sock\r\n    user: root\r\n    volumes:\r\n      - \/var\/run\/docker.sock:\/var\/run\/docker.sock:ro\r\n      # This is needed for filebeat to load container log path as specified in filebeat.yml\r\n      - \/var\/lib\/docker\/containers\/:\/var\/lib\/docker\/containers\/:ro\r\n      # This is needed for filebeat to load logs for system and auth modules\r\n      - \/var\/log\/:\/var\/log\/:ro\r\n    # disable strict permission checks\r\n    command: [ '-e', '-v', '--strict.perms=false' ]\r\n    networks:\r\n      - elastic-stack-service-network\r\n\r\n# Networks to be created to facilitate communication between containers\r\nnetworks:\r\n  elastic-stack-service-network:\r\n    name: elastic-stack-service-network<\/pre>\n<p style=\"text-align: justify;\">For demostration and testing purposes, we are disabling strict permission checks from the command line by using <code class=\"literal\">--strict.perms=false<\/code>, but we strongly encourage you to leave the checks enabled. Specially in production environments.<\/p>\n<p>In addition, see that the Docker logs host folder (<code class=\"literal\">\/var\/lib\/docker\/containers<\/code>) is mounted on the Filebeat container too.<\/p>\n<p>We are almost done. The last thing we need to do, is add labels to Elasticsearch and Kibana services in our <code class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">docker-compose-es-single-node.yml<\/code> file. The file should look like this (see highlighted lines):<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\" data-enlighter-highlight=\"11-12,35-36\">version: '3.9'\r\nservices:\r\n  elasticsearch-demo:\r\n    hostname: elasticsearch-demo\r\n    container_name: elasticsearch-demo\r\n    build:\r\n      context: .\/elasticsearch\r\n      dockerfile: Dockerfile-single-node\r\n      args:\r\n        - ELK_VERSION=${ELK_VERSION}\r\n      labels:\r\n        co.elastic.logs\/module: \"elasticsearch\"\r\n    ports:\r\n      - 9300:9300\r\n      - 9200:9200\r\n    volumes:\r\n      - data_es_demo:\/usr\/share\/elasticsearch\/data:rw\r\n    environment:\r\n      - \"ES_JAVA_OPTS=-Xms512m -Xmx512m\"\r\n    ulimits:\r\n      memlock:\r\n        soft: -1\r\n        hard: -1\r\n    networks:\r\n      - elastic-stack-service-network\r\n\r\n  kibana-demo:\r\n    hostname: kibana-demo\r\n    container_name: kibana-demo\r\n    build:\r\n      context: .\/kibana\r\n      dockerfile: Dockerfile-single-node\r\n      args:\r\n        - ELK_VERSION=${ELK_VERSION}\r\n      labels:\r\n        co.elastic.logs\/module: \"kibana\"\r\n    ports:\r\n      - 5601:5601\r\n    networks:\r\n      - elastic-stack-service-network\r\n\r\n# Networks to be created to facilitate communication between containers\r\nnetworks:\r\n  elastic-stack-service-network:\r\n    driver: bridge\r\n\r\n# Volumes\r\nvolumes:\r\n  data_es_demo:\r\n    driver: local<\/pre>\n<p style=\"text-align: justify;\">We are finally ready to start Filebeat. To do so, execute the following commands:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">$ cd elastic-stack-demo\/elastic-stack-single-node-cluster\r\n\r\n$ docker-compose -f docker-compose-filebeat-to-elasticseach.yml up -d<\/pre>\n<p>Once up, wait for a while and than navigate to <a href=\"http:\/\/localhost:5601\/app\/monitoring\">Management &gt; Stack Monitoring<\/a>. You should see the status of your cluster, and a new section that includes the status of your Beats, as well as a summary of the logs registered by monitoring your cluster.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"598\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/management_stack_monitoring_with_filebeat\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat.png\" data-orig-size=\"5108,2234\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Kibana&amp;#8217;s Management &gt; Stack Monitoring with Filebeat\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Kibana&amp;#8217;s Management &gt; Stack Monitoring with Filebeat&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-1024x448.png\" class=\"aligncenter wp-image-598 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat.png\" alt=\"CANCHITO-DEV: Kibana's Management &gt; Stack Monitoring with Filebeat\" width=\"5108\" height=\"2234\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat.png 5108w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-300x131.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-1024x448.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-768x336.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-1536x672.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-2048x896.png 2048w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/management_stack_monitoring_with_filebeat-624x273.png 624w\" sizes=\"auto, (max-width: 5108px) 100vw, 5108px\" \/><\/p>\n<p>Then, visit the <a href=\"http:\/\/localhost:5601\/app\/dashboards#\/list\">Analytics &gt; Dashboard<\/a> section. You should see a list of dashboards that were automatically created by Filebeat when it was started.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"597\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/filebeat_dashboard\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard.png\" data-orig-size=\"2862,2604\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Kibana&amp;#8217;s Analytics &gt; Dashboard for Filebeat\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Kibana&amp;#8217;s Analytics &gt; Dashboard for Filebeat&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-1024x932.png\" class=\"aligncenter wp-image-597 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard.png\" alt=\"CANCHITO-DEV: Kibana's Analytics &gt; Dashboard for Filebeat\" width=\"2862\" height=\"2604\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard.png 2862w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-300x273.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-1024x932.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-768x699.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-1536x1398.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-2048x1863.png 2048w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/filebeat_dashboard-624x568.png 624w\" sizes=\"auto, (max-width: 2862px) 100vw, 2862px\" \/><\/p>\n<p style=\"text-align: justify;\">One last check, visit <a href=\"http:\/\/localhost:5601\/app\/monitoring\">Stack Management &gt; Index Management<\/a>. You should see an index which name starts with <code class=\"literal\">filebeat<\/code>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"599\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/stack_management_index_management\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management.png\" data-orig-size=\"5110,1956\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Kibana&amp;#8217;s Stack Management &gt; Index Management with Filebeat&amp;#8217;s index\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Kibana&amp;#8217;s Stack Management &gt; Index Management with Filebeat&amp;#8217;s index&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-1024x392.png\" class=\"aligncenter wp-image-599 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management.png\" alt=\"CANCHITO-DEV: Kibana's Stack Management &gt; Index Management with Filebeat's index\" width=\"5110\" height=\"1956\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management.png 5110w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-300x115.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-1024x392.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-768x294.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-1536x588.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-2048x784.png 2048w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/stack_management_index_management-624x239.png 624w\" sizes=\"auto, (max-width: 5110px) 100vw, 5110px\" \/><\/p>\n<p>If you would like to see the indexed logs, go to <a href=\"http:\/\/localhost:5601\/app\/monitoring\">Analytics &gt; Discover<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"601\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/31\/deploying-filebeat-in-docker\/analytics_discover_filebeat_index\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index.png\" data-orig-size=\"3314,2454\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Kibana&amp;#8217;s Analytics &gt; Discover with Filebeat&amp;#8217;s index\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Kibana&amp;#8217;s Analytics &gt; Discover with Filebeat&amp;#8217;s index&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-1024x758.png\" class=\"aligncenter wp-image-601 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index.png\" alt=\"CANCHITO-DEV: Kibana's Analytics &gt; Discover with Filebeat's index\" width=\"3314\" height=\"2454\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index.png 3314w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-300x222.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-1024x758.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-768x569.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-1536x1137.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-2048x1517.png 2048w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/analytics_discover_filebeat_index-624x462.png 624w\" sizes=\"auto, (max-width: 3314px) 100vw, 3314px\" \/><\/p>\n<p>Thats it. We are done. In the following posts, we will be deploying some other Beats.<\/p>\n<h2>Clean Up<\/h2>\n<p>To do a complete clean up, execute this command:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">$ docker-compose -f docker-compose-es-single-node.yml -f docker-compose-filebeat-to-elasticseach.yml down -v\r\n[+] Running 5\/5\r\n \u283f Container filebeat-to-elasticseach-demo                                  Removed                                                                                                                                                                                                                              0.5s\r\n \u283f Container elasticsearch-demo                                             Removed                                                                                                                                                                                                                              3.9s\r\n \u283f Container kibana-demo                                                    Removed                                                                                                                                                                                                                             11.3s\r\n \u283f Volume elastic-stack-single-node-cluster_data_es_demo                    Removed                                                                                                                                                                                                                              0.6s\r\n \u283f Network elastic-stack-single-node-cluster_elastic-stack-service-network  Removed<\/pre>\n<h2 style=\"text-align: justify;\">Summary<\/h2>\n<p style=\"text-align: justify;\">In this post, we have deployed Filebeat in a dockerized environment, using hints with autodiscover to monitor Elasticsearch and Kibana. We hope that this basic guide can be useful for you, and that at least it can be a starting point. We will try to go deeper into Elastic Stack in upcoming posts.<\/p>\n<p style=\"text-align: justify;\">Please feel free to contact us. We will gladly response to any doubt or question you might have. In the mean time, you can download the source code from our official <a href=\"https:\/\/github.com\/canchito-dev\/elastic-stack-demo\">GitHub<\/a> repository.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn about Filebeat and how it interact with the rest of the Elastic Stack components while you deploy it using docker.<\/p>\n","protected":false},"author":1,"featured_media":608,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[94,62,74,88,85,84,95,86,1],"tags":[112,104,63,89,106,113],"class_list":["post-588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beat","category-docker","category-docker-compose","category-elastic-stack","category-elasticsearch","category-elk","category-filebeat","category-kibana","category-uncategorized","tag-autodiscover","tag-beat","tag-docker","tag-elk","tag-filebeat","tag-hints"],"aioseo_notices":[],"jetpack_featured_media_url":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/beats-logo-color.png","jetpack_shortlink":"https:\/\/wp.me\/p8EwXo-9u","jetpack-related-posts":[{"id":622,"url":"http:\/\/www.canchito-dev.com\/public\/blog\/2022\/01\/16\/getting-started-with-logstash\/","url_meta":{"origin":588,"position":0},"title":"Getting Started with Logstash","author":"canchitodev","date":"January 16, 2022","format":false,"excerpt":"In this post, we give a brief introduction to Logstash.","rel":"","context":"In &quot;Docker&quot;","block_context":{"text":"Docker","link":"http:\/\/www.canchito-dev.com\/public\/blog\/category\/docker\/"},"img":{"alt_text":"CANCHITO-DEV: Kibana's Management > Stack Monitoring with Logstash","src":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/management_stack_monitoring_with_logstash-1024x673.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/management_stack_monitoring_with_logstash-1024x673.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/management_stack_monitoring_with_logstash-1024x673.png?resize=525%2C300 1.5x"},"classes":[]},{"id":564,"url":"http:\/\/www.canchito-dev.com\/public\/blog\/2021\/12\/26\/introduction-to-elastic-stack\/","url_meta":{"origin":588,"position":1},"title":"Introduction to Elastic Stack","author":"canchitodev","date":"December 26, 2021","format":false,"excerpt":"Hello friends! In this post, we will give you a small introduction to Elastic Stack including all the products that build it.","rel":"","context":"In &quot;Beat&quot;","block_context":{"text":"Beat","link":"http:\/\/www.canchito-dev.com\/public\/blog\/category\/elk\/beat\/"},"img":{"alt_text":"CANCHITO-DEV: Elastic Stack architecture in Docker","src":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/docker_elastic_stack_architecture.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/docker_elastic_stack_architecture.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/docker_elastic_stack_architecture.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/docker_elastic_stack_architecture.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2021\/12\/docker_elastic_stack_architecture.png?resize=1050%2C600 3x"},"classes":[]},{"id":647,"url":"http:\/\/www.canchito-dev.com\/public\/blog\/2022\/01\/31\/know-if-your-service-is-available-with-heartbeat\/","url_meta":{"origin":588,"position":2},"title":"Know if your Service is Available with Heartbeat","author":"canchitodev","date":"January 31, 2022","format":false,"excerpt":"Learn how Heartbeat periodically checks the status of your services and determine whether they are available. All within a dockerized enviroment.","rel":"","context":"In &quot;Beat&quot;","block_context":{"text":"Beat","link":"http:\/\/www.canchito-dev.com\/public\/blog\/category\/elk\/beat\/"},"img":{"alt_text":"CANCHITO-DEV: [Heartbeat] HTTP Monitoring","src":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/heartbeat_dashboard_http_monitoring.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/heartbeat_dashboard_http_monitoring.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/heartbeat_dashboard_http_monitoring.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/heartbeat_dashboard_http_monitoring.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/heartbeat_dashboard_http_monitoring.png?resize=1050%2C600 3x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/heartbeat_dashboard_http_monitoring.png?resize=1400%2C800 4x"},"classes":[]},{"id":665,"url":"http:\/\/www.canchito-dev.com\/public\/blog\/2022\/02\/05\/audit-the-activities-of-users-and-processes-on-your-systems-with-auditbeat\/","url_meta":{"origin":588,"position":3},"title":"Audit the activities of users and processes on your systems with Auditbeat","author":"canchitodev","date":"February 5, 2022","format":false,"excerpt":"Get to know Auditbeat and learn how it can help you by auditing the activities of the users and processes on your systems. All within a dockerized enviroment.","rel":"","context":"In &quot;Auditbeat&quot;","block_context":{"text":"Auditbeat","link":"http:\/\/www.canchito-dev.com\/public\/blog\/category\/elk\/auditbeat\/"},"img":{"alt_text":"CANCHITO-DEV: Kibana's Management > Stack Monitoring Complete","src":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/02\/stack_monitoring_whole_architecture.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/02\/stack_monitoring_whole_architecture.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/02\/stack_monitoring_whole_architecture.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/02\/stack_monitoring_whole_architecture.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/02\/stack_monitoring_whole_architecture.png?resize=1050%2C600 3x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/02\/stack_monitoring_whole_architecture.png?resize=1400%2C800 4x"},"classes":[]},{"id":636,"url":"http:\/\/www.canchito-dev.com\/public\/blog\/2022\/01\/27\/collect-metrics-with-metricbet\/","url_meta":{"origin":588,"position":4},"title":"Collect Metrics with Metricbet","author":"canchitodev","date":"January 27, 2022","format":false,"excerpt":"Learn how you could use Metricbeat to monitor your servers by collecting metrics from the system and services running on the server.","rel":"","context":"In &quot;Beat&quot;","block_context":{"text":"Beat","link":"http:\/\/www.canchito-dev.com\/public\/blog\/category\/elk\/beat\/"},"img":{"alt_text":"CANCHITO-DEV: [Metricbeat System] Host overview ECS","src":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/metricbeat_system_dashboard__host_overview_ecs.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/metricbeat_system_dashboard__host_overview_ecs.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/metricbeat_system_dashboard__host_overview_ecs.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/metricbeat_system_dashboard__host_overview_ecs.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/metricbeat_system_dashboard__host_overview_ecs.png?resize=1050%2C600 3x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/metricbeat_system_dashboard__host_overview_ecs.png?resize=1400%2C800 4x"},"classes":[]},{"id":654,"url":"http:\/\/www.canchito-dev.com\/public\/blog\/2022\/01\/31\/capturing-the-network-traffic-with-packetbeat\/","url_meta":{"origin":588,"position":5},"title":"Capturing the network traffic with Packetbeat","author":"canchitodev","date":"January 31, 2022","format":false,"excerpt":"Discover how Packetbeat sniffs the traffic between your servers, parses the application-level protocols on the fly, and correlates the messages into transactions. All within a dockerized enviroment.","rel":"","context":"In &quot;Beat&quot;","block_context":{"text":"Beat","link":"http:\/\/www.canchito-dev.com\/public\/blog\/category\/elk\/beat\/"},"img":{"alt_text":"CANCHITO-DEV: [Packetbeat] Overview ECS","src":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/packetbeat_dashboard_overview_ecs.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/packetbeat_dashboard_overview_ecs.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/packetbeat_dashboard_overview_ecs.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/packetbeat_dashboard_overview_ecs.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/packetbeat_dashboard_overview_ecs.png?resize=1050%2C600 3x, https:\/\/i0.wp.com\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2022\/01\/packetbeat_dashboard_overview_ecs.png?resize=1400%2C800 4x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/posts\/588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/comments?post=588"}],"version-history":[{"count":11,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/posts\/588\/revisions"}],"predecessor-version":[{"id":640,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/posts\/588\/revisions\/640"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/media\/608"}],"wp:attachment":[{"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/media?parent=588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/categories?post=588"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.canchito-dev.com\/public\/blog\/wp-json\/wp\/v2\/tags?post=588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}