ELK Overview

The ELK Stack is a collection of three open-source products: Elasticsearch, Logstash, and Kibana.

The features of the ELK stack are as follows:

  • Centralized logging and monitoring to identify problems with containers, or the applications they run, hosted inside a pod
  • Visualization tools to represent data as graphs or charts
  • ELK can be hosted as a standalone system, a Docker container, or a Kubernetes pod

Filebeat

Filebeat collects and ships log files and is the most commonly used beat. You can install Filebeat on almost any operating system or run it as a Docker container. It includes built-in modules for platforms such as Apache, MySQL, Docker, MariaDB, Kafka, and many more.

Filebeat is very efficient, and it shows this in how it handles backpressure. If Logstash is busy, Filebeat slows its read rate and resumes its normal pace once the slowdown has cleared, continuing from the last position it recorded.
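The following filebeat.yml is an added example, not a configuration from the Unica Discover guide or from the Elastic project. It shows the two ways of feeding Filebeat described above, a plain log-file input and a built-in module, both shipping to Logstash; the log path, service name, and Logstash host are placeholders to be replaced with your own values.

```yaml
# Added example (not from the Unica Discover guide): a minimal filebeat.yml
# that tails an application log and enables the Apache module, shipping
# everything to Logstash. Paths and host names are placeholders.

filebeat.inputs:
  - type: filestream
    id: app-logs                     # filestream inputs need a unique id
    enabled: true
    paths:
      - /var/log/myapp/*.log         # placeholder path to the application's logs
    fields:
      service: myapp                 # extra field for routing or filtering in Logstash
    fields_under_root: true

filebeat.modules:
  - module: apache                   # built-in module: parses access and error logs
    access:
      enabled: true
    error:
      enabled: true

output.logstash:
  hosts: ["logstash.example.internal:5044"]   # placeholder host; 5044 is the Beats input port
  loadbalance: true                            # spread events if several hosts are listed
```

No extra setting is needed for backpressure: when Logstash stops acknowledging batches, Filebeat stops advancing the file offsets it keeps in its registry, so after Logstash recovers it picks up from the last acknowledged line rather than dropping events. Before starting the service, `filebeat test config -c filebeat.yml` validates the file and `filebeat test output -c filebeat.yml` checks that the Logstash host is reachable.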

Winlogbeat

Winlogbeat ships Windows event logs to Elasticsearch or Logstash. You can install it as a Windows service. Winlogbeat reads from one or more event logs using Windows APIs, filters the events based on user-configured criteria, then sends the event data to the configured outputs (Elasticsearch or Logstash).
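The winlogbeat.yml below is an added example, not a configuration from the Unica Discover guide or from the Elastic project. It illustrates the filtering step described above: each entry under winlogbeat.event_logs names one Windows event log and narrows it by event ID or severity before the events are sent to Logstash. The Logstash host and the drop_event filter are placeholders chosen for illustration.

```yaml
# Added example (not from the Unica Discover guide): a minimal winlogbeat.yml
# that reads three Windows event logs, keeps only the events of interest,
# and ships them to Logstash. The host name is a placeholder.

winlogbeat.event_logs:
  - name: Security
    # Keep logon success (4624), logon failure (4625) and process creation (4688);
    # a leading "-" excludes an ID, here the noisy logoff event 4634
    event_id: 4624, 4625, 4688, -4634
    ignore_older: 72h                # on first run, skip events older than three days
  - name: System
    level: critical, error, warning  # drop informational noise from this log
  - name: Microsoft-Windows-PowerShell/Operational
    event_id: 4104                   # script block logging events
    processors:
      - drop_event:                  # hypothetical noise filter, adjust to your environment
          when:
            contains:
              winlog.event_data.ScriptBlockText: "prompt"

output.logstash:
  hosts: ["logstash.example.internal:5044"]   # placeholder Logstash host and Beats port
```

Filtering at the source keeps the volume reaching Logstash and Elasticsearch manageable; the same filters can later be loosened without reinstalling the service, because Winlogbeat re-reads the file on restart. After editing, `winlogbeat.exe test config -c winlogbeat.yml` (run from the install directory) reports syntax problems before the service is started.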

For configurations related to ELK, see the "ELK Configuration" topic in the Unica Discover Administration Guide.