ELK架构

Beats Family

Official Definition of Beats - Beats is the platform for single-purpose data shippers. They send data from hundreds or thousands of machines and systems to Logstash or Elasticsearch.

Similar to Filebeat, there are several more from the Beats family. The ELK Stack with Beats is called Elastic Stack. All the data shippers are listed below.

Filebeat - It collects and sends the log files from tens, hundreds, or even thousands of servers, virtual machines, and containers to Logstash. In this way, all the logs and files can be indexed at a central location for analysis and visualization.

Metricbeat - It collects the metrics from systems(CPU, Memory, Disk, etc) and services(Redis, NGINX, Apache, etc).

Packetbeat - It's a lightweight network packet analyzer. It analyzes, collects, and sends the network data to Logstash and Elasticsearch.

Winlogbeat - It collects and streams the Windows event logs to Logstash.

Auditbeat - Similar to Winlogbeat, it collects Linux audit framework data and monitors file integrity.

Heartbeat - It monitors services for their availability with active probing. It keeps track of the status of the services and forwards the live status and response time to Logstash.

Functionbeat - It can be deployed as a function in the cloud provider’s Function-as-a-Service (FaaS) platform like AWS Lambda, Azure Functions, etc to collect, ship, and monitor data from the cloud services.