Integration guide for Elasticsearch

Elasticsearch is a highly scalable open-source full-text search and analytics engine. It allows you to store, search, and analyze large volumes of data quickly and in near real time. It is generally used as the underlying engine that powers applications with complex search features and requirements.

⚠️ Warning: This integration requires a UTMStack agent to work properly. Please make sure you have installed it before you continue.

Elasticsearch is a distributed, RESTful search and analytics engine capable of addressing a growing number of use cases. As the heart of the Elastic Stack, it centrally stores your data for lightning fast search, fine‑tuned relevancy, and powerful analytics that scale with ease.

1. Enable Filebeat module

Linux

cd /opt/utmstack-linux-agent/beats/filebeat/ && ./filebeat modules enable elasticsearch

Windows

cd "C:\Program Files\UTMStack\UTMStack Agent\beats\filebeat\" && filebeat modules enable elasticsearch  

2. Configure Filebeat module

Configure the module configuration file according to the image below. You can find it at the following path:

Linux

/opt/utmstack-linux-agent/beats/filebeat/modules.d/elasticsearch.yml

Windows

C:\Program Files\UTMStack\UTMStack Agent\beats\filebeat\modules.d\elasticsearch.yml
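
A typical layout for this file, given as an added example: it is not the configuration from the guide's image and not UTMStack's own file. The fileset names are those of the Filebeat elasticsearch module; every path is an assumption (default Linux package-install log locations with JSON logging) and must be adjusted to where your node writes its logs.

```yaml
# Added example, not from the UTMStack guide. All paths below are assumptions.
- module: elasticsearch
  # Node and cluster log: startup, shutdown, cluster state changes, errors.
  server:
    enabled: true
    var.paths:
      - /var/log/elasticsearch/*_server.json

  # Security audit log: authentication successes and failures, access
  # granted/denied events. Elasticsearch only writes it when
  # xpack.security.audit.enabled: true is set in elasticsearch.yml,
  # so an enabled fileset with no audit file on disk collects nothing.
  audit:
    enabled: true
    var.paths:
      - /var/log/elasticsearch/*_audit.json

  # Slow search and indexing queries; useful for spotting abusive or
  # unusually expensive queries against the cluster.
  slowlog:
    enabled: true
    var.paths:
      - /var/log/elasticsearch/*_index_search_slowlog.json
      - /var/log/elasticsearch/*_index_indexing_slowlog.json

  # Use of deprecated APIs and settings.
  deprecation:
    enabled: true
    var.paths:
      - /var/log/elasticsearch/*_deprecation.json

  # JVM garbage-collection log; operational rather than security data,
  # disable it if you want to reduce ingest volume.
  gc:
    enabled: false
    var.paths:
      - /var/log/elasticsearch/gc.log.[0-9]*
      - /var/log/elasticsearch/gc.log
```

On Windows, replace each path with the log directory of your Elasticsearch installation. The account running the agent needs read access to these files.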

Note: Important! After a Filebeat module is enabled, the service must be restarted using the following command:

Linux

sudo systemctl restart UTMStackModulesLogsCollector

Windows

sc stop UTMStackModulesLogsCollector && timeout /t 5 && sc start UTMStackModulesLogsCollector

⚠️ Warning: Depending on how you’ve installed Filebeat, you might see errors related to file ownership or permissions when you try to run Filebeat modules. See Config File Ownership and Permissions.