Start Filebeat

Before starting Filebeat:

Follow the steps in Quick start: installation and configuration to install, configure, and set up the Filebeat environment.
Make sure Kibana and Elasticsearch are running.
Make sure the user specified in filebeat.yml is authorized to publish events.

To start Filebeat, run:

DEB

sudo service filebeat start

Note

If you use an init.d script to start Filebeat, you can’t specify command line flags (see Command reference). To specify flags, start Filebeat in the foreground.

Also see Filebeat and systemd.

RPM

sudo service filebeat start

Note

If you use an init.d script to start Filebeat, you can’t specify command line flags (see Command reference). To specify flags, start Filebeat in the foreground.

Also see Filebeat and systemd.

MacOS

		sudo chown root filebeat.yml 1
sudo chown root modules.d/{modulename}.yml 1
sudo ./filebeat -e

	

You’ll be running Filebeat as root, so you need to change ownership of the configuration file and any configurations enabled in the modules.d directory, or run Filebeat with --strict.perms=false specified. See Config File Ownership and Permissions.

Linux

		sudo chown root filebeat.yml 1
sudo chown root modules.d/{modulename}.yml 1
sudo ./filebeat -e

	

You’ll be running Filebeat as root, so you need to change ownership of the configuration file and any configurations enabled in the modules.d directory, or run Filebeat with --strict.perms=false specified. See Config File Ownership and Permissions.

Windows

PS C:\Program Files\filebeat> Start-Service filebeat

By default, Windows log files are stored in C:\ProgramData\filebeat\Logs.