explaingit

elastic/beats

12,615GoAudience · ops devopsComplexity · 3/5Setup · moderate

TLDR

A collection of lightweight data shippers you install on servers to collect logs, metrics, and network traffic and forward them to Elasticsearch or Logstash for storage and analysis.

Mindmap

mindmap
  root((Elastic Beats))
    What it does
      Ship server data
      Minimal resources
      No extra software
    Official Beats
      Filebeat logs
      Metricbeat metrics
      Packetbeat network
      Heartbeat uptime
    Destinations
      Elasticsearch
      Logstash pipeline
      Kibana dashboards
    Custom Beats
      libbeat Go library
      Community Beats
    Languages
      Written in Go
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Ship log files from your servers to Elasticsearch in real time using Filebeat with minimal CPU and memory overhead.

USE CASE 2

Monitor system CPU, memory, and disk metrics across your fleet using Metricbeat and visualize them in Kibana.

USE CASE 3

Check whether your services and URLs are up by running Heartbeat to periodically ping them.

USE CASE 4

Build a custom data shipper for a data source not covered by official Beats using the libbeat Go library.

Tech stack

Go

Getting it running

Difficulty · moderate Time to first run · 30min

Requires a running Elasticsearch or Logstash instance to receive data, pre-compiled binaries available for all supported platforms.

In plain English

Beats is a collection of small programs you install on your servers to collect data and send it to a central location for storage and analysis. Each individual Beat is purpose-built for one kind of data: log files, system metrics, network traffic, Windows event logs, or uptime checks. The collected data gets forwarded to Elasticsearch (a search and storage engine) or to Logstash (a data processing pipeline), where it can be explored through Kibana (a dashboard tool). All three of those belong to the same Elastic Stack family. The design goal is minimal resource use. Beats are written in Go, have a small installation size, and require no additional software to run on the host. You drop them onto a server, configure what to collect, and they start shipping data. The repository contains several officially supported Beats. Filebeat watches log files and ships new entries as they appear. Metricbeat pulls performance numbers from the operating system and from services like databases or web servers. Packetbeat inspects network packets to show which services are talking to each other and how fast. Heartbeat periodically pings URLs or services to check whether they are up. Auditbeat reads Linux audit logs and monitors file changes. Winlogbeat ships Windows Event logs. Osquerybeat runs Osquery, a tool that lets you query system information using SQL-like statements. The repository also includes libbeat, a Go library for building your own custom Beat if none of the official ones cover your needs. A community list of third-party Beats exists on the Elastic website. Pre-compiled binaries and packages for supported platforms are available for download without building from source. Documentation and setup guides for each Beat live on the Elastic website rather than in this repository. Support questions go to the Elastic discussion forums, GitHub issues are reserved for confirmed bugs and feature requests.

Copy-paste prompts

Prompt 1
How do I install Filebeat on a Linux server, configure it to watch /var/log/nginx/access.log, and send logs to my Elasticsearch cluster?
Prompt 2
How do I set up Metricbeat to collect CPU and memory metrics from a Docker host and send them to Elasticsearch?
Prompt 3
How does Heartbeat work, show me a config to monitor three URLs every 30 seconds and alert when one goes down.
Prompt 4
How do I use libbeat in Go to build a custom Beat that reads from a custom log format and ships events to Elasticsearch?
Prompt 5
How do I configure Packetbeat to capture HTTP traffic between my microservices and display it in Kibana?
Open on GitHub → Explain another repo

← elastic on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.