Introduction to Elastic Stack Beats

So far, in our previous post, we explained how to deploy Elasticsearch and Kibana. But how is information sent to Elasticsearch? The answer is simple. Using either Beats or Logstash. In this post, we will give a brief introduction to Beats.

In simple words, Beats are open source data shippers, installed as agents on servers to send operational data to Elasticsearch. Elastic provides the following Beats for capturing:

• Auditbeat: Audit the activities of users and processes on your systems with the help of this lightweight shipper that you install on your servers.
• Filebeat: Monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing.
• Heartbeat: Periodically check the status of your services and determine whether they are available.
• Metricbeat: Periodically collect metrics from your server’s operating system and from services running on the server with this lightweight shipper.
• Packetbeat: A real-time network packet analyzer that provides an application monitoring and performance analytics system.
• Functionbeat: An Elastic Beat that you deploy as a function in your serverless environment to collect data from cloud services and ship it to the Elastic Stack.
• Winlogbeat: Ships Windows event logs to Elasticsearch or Logstash. You can install it as a Windows service.

Beats can send data directly to Elasticsearch or via Logstash, where you can further process and enhance the data, before visualizing it in Kibana.

In our following articles, we will go deeper into some of these Beats. The first one we will go through is Filebeat, as we will use it to send some test data to our single node Elastic Stack cluster that we deployd in our previous post.