This integration requires a UTMStack agent to work properly. Please, make sure you have installed it before you continue.

Elasticsearch is a distributed, RESTful search and analytics engine capable of addressing a growing number of use cases. As the heart of the Elastic Stack, it centrally stores your data for lightning fast search, fine‑tuned relevancy, and powerful analytics that scale with ease.

1. Enable Filebeat module

Linux

cd /opt/utmstack-linux-agent/beats/filebeat/ && ./filebeat modules enable elasticsearch

Windows

cd "C:\Program Files\UTMStack\UTMStack Agent\beats\filebeat\" && filebeat modules enable elasticsearch

2. Configure Filebeat module

Configure the module configuration file according to the image below. You can find it in the path:

Linux

/opt/utmstack-linux-agent/beats/filebeat/modules.d/elasticsearch.yml

Windows

C:\Program Files\UTMStack\UTMStack Agent\beats\filebeat\modules.d\elasticsearch.yml

Important!! After a Filebeat module is enabled, the service needs to be restarted using the following command:

Linux

sudo systemctl restart UTMStackModulesLogsCollector

Windows

sc stop UTMStackModulesLogsCollector && timeout /t 5 && sc start UTMStackModulesLogsCollector

Depending on how you’ve installed Filebeat, you might see errors related to file ownership or permissions when you try to run Filebeat modules. See Config File Ownership and Permissions