# Filebeat

This section explains how you can configure 'Filebeat' like a log shipper.

In order for filebeat component to send the log details to the event gateway,  users have to configure two elements.

1. Event Gateway Endpoint
2. Filebeat configuration 

**Step 1:** 

An example of Event Gateway Endpoint configuration is captured in the below configuration snippet

```
endpoints:
- name: fb1 # URL is implicit, http://ip:port/fb1
  type: filebeat
  stream: filebeat_1_logs
  ssl: true
  enabled: true
  xpack_features: min
  attrs:
    site_code: dataccenter2
    archive_name: filebeat_logs
  port: 9200

```

An example of Linux-based Filebeat configuration is captured in the below configuration snippet.

**Step 2:** Update hosts details in /etc/filebeat/filebeat.yml file (using your favorite editor (e.g. vi )

```
output.elasticsearch:
  # Boolean flag to enable or disable the output module.
  enabled: true

  # Array of hosts to connect to.
  # Scheme and port can be left out and will be set to the default (http and 9200)
  # In case you specify and additional path, the scheme is required: http://localhost:9200/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
  hosts: ["http://<event-gateway>:9200/fb1"]
  protocol: "http"
  ssl.enabled: false
  #ssl.verification_mode: none
```

**Step 3:** Restart the filebeat service (as shown in the below code snippet).

```
# Restart filebeat services 
bash# sudo systemctl stop filebeat
bash# sudo systemctl start filebeat
```

Note: In order to run the above commands, the user is expected to have 'sudo' privileges or run the command as a root to enable the required ports.