# Filebeat

This section explains how you can configure 'Filebeat' like a log shipper.

In order for filebeat component to send the log details to the event gateway,  users have to configure two elements.

1. Event Gateway Endpoint
2. Filebeat configuration&#x20;

**Step 1:**&#x20;

An example of Event Gateway Endpoint configuration is captured in the below configuration snippet

```
endpoints:
- name: fb1 # URL is implicit, http://ip:port/fb1
  type: filebeat
  stream: filebeat_1_logs
  ssl: true
  enabled: true
  xpack_features: min
  attrs:
    site_code: dataccenter2
    archive_name: filebeat_logs
  port: 9200

```

An example of Linux-based Filebeat configuration is captured in the below configuration snippet.

**Step 2:** Update hosts details in /etc/filebeat/filebeat.yml file (using your favorite editor (e.g. vi )

```
output.elasticsearch:
  # Boolean flag to enable or disable the output module.
  enabled: true

  # Array of hosts to connect to.
  # Scheme and port can be left out and will be set to the default (http and 9200)
  # In case you specify and additional path, the scheme is required: http://localhost:9200/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
  hosts: ["http://<event-gateway>:9200/fb1"]
  protocol: "http"
  ssl.enabled: false
  #ssl.verification_mode: none
```

**Step 3:** Restart the filebeat service (as shown in the below code snippet).

```
# Restart filebeat services 
bash# sudo systemctl stop filebeat
bash# sudo systemctl start filebeat
```

Note: In order to run the above commands, the user is expected to have 'sudo' privileges or run the command as a root to enable the required ports.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudfabrix.io/rda/installation/log-shippers/filebeat.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.