Elastic Agent inputsedit
When you configure inputs for standalone Elastic Agents, the following values are supported for the input type
parameter.
Expand any section to view the available inputs:
Audit the activities of users and processes on your systems
Input | Description | Learn more |
---|---|---|
|
Receives audit events from the Linux Audit Framework that is a part of the Linux kernel. |
Auditd Module (Auditbeat docs) |
|
Sends events when a file is changed (created, updated, or deleted) on disk. The events contain file metadata and hashes. |
File Integrity Module (Auditbeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Collects various security related information about a system. All datasets send both periodic state information (e.g. all currently running processes) and real-time changes (e.g. when a new process starts or stops). |
System Module (Auditbeat docs) |
Collect metrics from operating systems and services running on your servers
Input | Description | Learn more |
---|---|---|
|
Periodically fetches JMX metrics from Apache ActiveMQ. |
ActiveMQ module (Metricbeat docs) |
|
Periodically fetches metrics from Apache HTTPD servers. |
Apache module (Metricbeat docs) |
|
Periodically fetches monitoring metrics from AWS CloudWatch using GetMetricData API for AWS services. |
AWS module (Metricbeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Retrieves various metadata, network metrics, and Docker stats about tasks and containers. |
AWS Fargate module (Metricbeat docs) |
|
Collects and aggregates Azure logs and metrics from a variety of sources into a common data platform where it can be used for analysis, visualization, and alerting. |
Azure module (Metricbeat docs) |
|
Collects metrics about any Beat or other software based on libbeat. |
Beat module (Metricbeat docs) |
|
Connects to Cloud Foundry loggregator to gather container, counter, and value metrics into a common data platform where it can be used for analysis, visualization, and alerting. |
Cloudfoundry module (Metricbeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Collects cpu, memory and blkio statistics about running containers controlled by containerd runtime. |
Containerd module (Metricbeat docs) |
|
Fetches metrics from Docker containers. |
Docker module (Metricbeat docs) |
|
Collects metrics about Elasticsearch. |
Elasticsearch module (Metricbeat docs) |
|
Periodically fetches metrics and health information from Elastic Enterprise Search instances using HTTP APIs. |
Enterprise Search module (Metricbeat docs) |
|
This module targets Etcd V2 and V3. When using V2, metrics are collected using Etcd v2 API. When using V3, metrics are retrieved from the |
Etcd module (Metricbeat docs) |
|
Periodically fetches monitoring metrics from Google Cloud Platform using Stackdriver Monitoring API for Google Cloud Platform services. |
Google Cloud Platform module (Metricbeat docs) |
|
Collects stats from HAProxy. It supports collection from TCP sockets, UNIX sockets, or HTTP with or without basic authentication. |
HAProxy module (Metricbeat docs) |
|
Used to call arbitrary HTTP endpoints for which a dedicated Metricbeat module is not available. |
HTTP module (Metricbeat docs) |
|
Periodically retrieve IIS web server related metrics. |
IIS module (Metricbeat docs) |
|
Collects metrics from Jolokia agents running on a target JMX server or dedicated proxy server. |
Jolokia module (Metricbeat docs) |
|
Collects metrics from the Apache Kafka event streaming platform. |
Kafka module (Metricbeat docs) |
|
Collects metrics about {Kibana}. |
Kibana module (Metricbeat docs) |
|
As one of the main pieces provided for Kubernetes monitoring, this module is capable of fetching metrics from several components. |
Kubernetes module (Metricbeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Reports on metrics exclusive to the Linux kernel and GNU/Linux OS. |
Linux module (Metricbeat docs) |
|
collects metrics about Logstash. |
Logstash module (Metricbeat docs) |
|
Collects metrics about the memcached memory object caching system. |
Memcached module (Metricbeat docs) |
|
Periodically fetches metrics from MongoDB servers. |
MongoDB module (Metricbeat docs) |
|
The Microsoft SQL 2017 Metricbeat module. It is still under active development to add new Metricsets and introduce enhancements. |
MSSQL module (Metricbeat docs) |
|
Periodically fetches metrics from MySQL servers. |
MySQL module (Metricbeat docs) |
|
Uses the Nats monitoring server APIs to collect metrics. |
NATS module (Metricbeat docs) |
|
Periodically fetches metrics from Nginx servers. |
Nginx module (Metricbeat docs) |
|
The Oracle module for Metricbeat. It is under active development with feedback from the community. A single Metricset for Tablespace monitoring is added so the community can start gathering metrics from their nodes and contributing to the module. |
Oracle module (Metricbeat docs) |
|
Periodically fetches metrics from PostgreSQL servers. |
PostgresSQL module (Metricbeat docs) |
|
Periodically scrapes metrics from Prometheus exporters. |
Prometheus module (Metricbeat docs) |
|
Uses the HTTP API created by the management plugin to collect RabbitMQ metrics. |
RabbitMQ module (Metricbeat docs) |
|
Periodically fetches metrics from Redis servers. |
Redis module (Metricbeat docs) |
|
Allows you to execute custom queries against an SQL database and store the results in Elasticsearch. |
SQL module (Metricbeat docs) |
|
Uses STAN monitoring server APIs to collect metrics. |
Stan module (Metricbeat docs) |
|
Spawns a UDP server and listens for metrics in StatsD compatible format. |
Statsd module (Metricbeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Monitor a Sync Gateway instance by using its REST API. |
SyncGateway module (Metricbeat docs) |
|
Allows you to monitor your server metrics, including CPU, load, memory, network, processes, sockets, filesystem, fsstat, uptime, and more. |
System module (Metricbeat docs) |
|
Periodically fetches metrics from a Traefik instance. |
Traefik module (Metricbeat docs) |
|
By default, collects the uWSGI stats metricset, using StatsServer. |
uWSGI module (Metricbeat docs) |
|
Uses the Govmomi library to collect metrics from any Vmware SDK URL (ESXi/VCenter). |
vSphere module (Metricbeat docs) |
|
Collects metrics from Windows systems. |
Windows module (Metricbeat docs) |
|
Fetches statistics from the ZooKeeper service. |
ZooKeeper module (Metricbeat docs) |
Forward and centralize log data
Input | Description | Learn more |
---|---|---|
|
Stores log files from Amazon Elastic Compute Cloud(EC2), AWS CloudTrail, Route53, and other sources. |
AWS CloudWatch input (Filebeat docs) |
|
Retrieves logs from S3 objects that are pointed to by S3 notification events read from an SQS queue or directly polling list of S3 objects in an S3 bucket. |
AWS S3 input (Filebeat docs) |
|
Reads content from files stored in containers which reside on your Azure Cloud. |
Azure Blob Storage (Filebeat docs) |
|
Reads messages from an azure eventhub. |
Azure eventhub input (Filebeat docs) |
|
Reads messages from a file path or HTTP API with a variety of payloads using the Common Expression Language (CEL) and the mito CEL extension libraries. |
Common Expression Language input (Filebeat docs) |
|
Gets HTTP access logs, container logs and error logs from Cloud Foundry. |
Cloud Foundry input (Filebeat docs) |
|
Streams the real-time events from a Salesforce generic subscription Push Topic. |
CometD input (Filebeat docs) |
|
Reads containers log files. |
Container input (Filebeat docs) |
|
Alias for |
- |
|
Alias for |
n/a |
|
Collects identity assets, such as users, from external identity providers. |
Entity Analytics input (Filebeat docs) |
|
Alias for |
n/a |
|
Alias for |
n/a |
|
Reads lines from active log files. Replaces and imporoves on the |
filestream input (Filebeat docs) |
|
Reads messages from a Google Cloud Pub/Sub topic subscription. |
GCP Pub/Sub input (Filebeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Reads content from files stored in buckets which reside on your Google Cloud. |
Google Cloud Storage input (Filebeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Initializes a listening HTTP server that collects incoming HTTP POST requests containing a JSON body. |
HTTP Endpoint input (Filebeat docs) |
|
Read messages from an HTTP API with JSON payloads. |
HTTP JSON input (Filebeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. A system service that collects and stores logging data. |
Journald input (Filebeat docs) |
|
Reads from topics in a Kafka cluster. |
Kafka input (Filebeat docs) |
|
DEPRECATED: Please use the |
n/a |
|
Alias for |
n/a |
|
Alias for |
n/a |
|
Alias for |
n/a |
|
Reads data transmitted using lightweight messaging protocol for small and mobile devices, optimized for high-latency or unreliable networks. |
MQTT input (Filebeat docs) |
|
Reads NetFlow and IPFIX exported flows and options records over UDP. |
NetFlow input (Filebeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Retrieves audit messages from Office 365 and Azure AD activity logs. |
Office 365 Management Activity API input (Filebeat docs) |
|
Collects and decodes the result logs written by osqueryd in the JSON format. |
- |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Reads entries from Redis slowlogs. |
Redis input (Filebeat docs) |
|
Reads Syslog events as specified by RFC 3164 and RFC 5424, over TCP, UDP, or a Unix stream socket. |
Syslog input (Filebeat docs) |
|
Reads events over TCP. |
TCP input (Filebeat docs) |
|
Reads events over UDP. |
UDP input (Filebeat docs) |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Reads events over a stream-oriented Unix domain socket. |
Unix input (Filebeat docs) |
|
Reads from one or more event logs using Windows APIs, filters the events based on user-configured criteria, then sends the event data to the configured outputs (Elasticsearch or Logstash). |
Winlogbeat Overview (Winlogbeat docs) |
Monitor the status of your services
Input | Description | Learn more |
---|---|---|
|
Connect via HTTP and optionally verify that the host returns the expected response. |
HTTP options (Heartbeat docs) |
|
Use ICMP (v4 and v6) Echo Requests to check the configured hosts. |
ICMP options (Heartbeat docs) |
|
Connect via TCP and optionally verify the endpoint by sending and/or receiving a custom payload. |
TCP options (Heartbeat docs) |
View network traffic between the servers of your network
Input | Description | Learn more |
---|---|---|
|
Sniffs the traffic between your servers, parses the application-level protocols on the fly, and correlates the messages into transactions. |
Packetbeat overview (Packetbeat docs) |