icingabeat/vendor/github.com/elastic/beats/filebeat/docs/modules-overview.asciidoc

[[filebeat-modules-overview]]
== Modules overview

Filebeat modules simplify the collection, parsing, and visualization of common
log formats.

A typical module (say, for the Nginx logs) is composed of one or
more filesets (in the case of Nginx, `access` and `error`). A fileset contains
the following:

* Filebeat prospector configurations, which contain the default paths where to
  look or the log files. These default paths depend on the operating system.
  The Filebeat configuration is also responsible with stitching together
  multiline events when needed.

* Elasticsearch {elasticsearch}/ingest.html[Ingest Node] pipeline definition,
  which is used to parse the log lines.

* Fields definitions, which are used to configure Elasticsearch with the
  correct types for each field. They also contain short descriptions for each
  of the fields.

* Sample Kibana dashboards, which can be used to visualize the log files.

Filebeat automatically adjusts these configurations based on your environment
and loads them to the respective Elastic stack components.

NOTE: At the moment, Filebeat modules require using the Elasticsearch
{elasticsearch}/ingest.html[Ingest Node]. In the future, Filebeat Modules will
be able to also configure Logstash as a more powerful alternative to Ingest
Node. For now, if you want to use Logstash, you can follow the steps described
in the section called
{logstashdoc}/filebeat-modules.html[Working with Filebeat Modules] in the
Logstash Reference.

Filebeat modules require Elasticsearch 5.2 or later.

[float]
=== Get started

To learn how to configure and run Filebeat modules:

* Get started by reading <<filebeat-modules-quickstart>>.
* Learn about the different ways to enable modules in <<configuration-filebeat-modules>>.
* Dive into the documentation for each module.