🐠 Beats - Lightweight shippers for Elasticsearch & Logstash
Alternatives To Beats
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Docker Elk15,775
3 days ago5mitShell
The Elastic stack (ELK) powered by Docker and Compose.
Beats11,8074913 hours ago1,871July 18, 20231,015otherGo
:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
Awesome Elasticsearch4,616
2 months ago2unlicense
A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
2 years ago37gpl-3.0Jupyter Notebook
The Hunting ELK
2 years ago1otherShell
Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
6 days ago29bsd-3-clausePython
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
6 days ago2mitDockerfile
🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
Sof Elk1,337
a month ago44gpl-3.0Shell
Configuration files for the SOF-ELK VM, used in SANS FOR572
7 years ago133otherJavaScript
Kibana was acquired by Elastic in 2013. See elastic/kibana. More info at
Geektime Elk1,078
a year ago12HTML
ELK Training
Alternatives To Beats
Select To Compare

Alternative Project Comparisons

Build Status GoReportCard Reviewed by Hound

Beats - The Lightweight Shippers of the Elastic Stack

The Beats are lightweight data shippers, written in Go, that you install on your servers to capture all sorts of operational data (think of logs, metrics, or network packet data). The Beats send the operational data to Elasticsearch, either directly or via Logstash, so it can be visualized with Kibana.

By "lightweight", we mean that Beats have a small installation footprint, use limited system resources, and have no runtime dependencies.

This repository contains libbeat, our Go framework for creating Beats, and all the officially supported Beats:

Beat Description
Auditbeat Collect your Linux audit framework data and monitor the integrity of your files.
Filebeat Tails and ships log files
Functionbeat Read and ships events from serverless infrastructure.
Heartbeat Ping remote services for availability
Metricbeat Fetches sets of metrics from the operating system and services
Packetbeat Monitors the network and applications by sniffing packets
Winlogbeat Fetches and ships Windows Event logs
Osquerybeat Runs Osquery and manages interraction with it.

In addition to the above Beats, which are officially supported by Elastic, the community has created a set of other Beats that make use of libbeat but live outside of this Github repository. We maintain a list of community Beats here.

Documentation and Getting Started

You can find the documentation and getting started guides for each of the Beats on the site:

Documentation and Getting Started information for the Elastic Agent

You can find the documentation and getting started guides for the Elastic Agent on the site

Getting Help

If you need help or hit an issue, please start by opening a topic on our discuss forums. Please note that we reserve GitHub tickets for confirmed bugs and enhancement requests.


You can download pre-compiled Beats binaries, as well as packages for the supported platforms, from this page.


We'd love working with you! You can help make the Beats better in many ways: report issues, help us reproduce issues, fix bugs, add functionality, or even create your own Beat.

Please start by reading our CONTRIBUTING file.

Building Beats from the Source

See our CONTRIBUTING file for information about setting up your dev environment to build Beats from the source.


For testing purposes, we generate snapshot builds that you can find here. Please be aware that these are built on top of main and are not meant for production.


PR Comments

It is possible to trigger some jobs by putting a comment on a GitHub PR. (This service is only available for users affiliated with Elastic and not for open-source contributors.)

  • beats
    • jenkins run the tests please or jenkins run tests or /test will kick off a default build.
    • /test macos will kick off a default build with also the macos stages.
    • /test <beat-name> will kick off the default build for the given PR in addition to the <beat-name> build itself.
    • /test <beat-name> for macos will kick off a default build with also the macos stage for the <beat-name>.
  • apm-beats-update
    • /run apm-beats-update
  • apm-beats-packaging
    • /package or /packaging will kick of a build to generate the packages for beats.
  • apm-beats-tester
    • /beats-tester will kick of a build to validate the generated packages.

PR Labels

It's possible to configure the build on a GitHub PR by labelling the PR with the below labels

  • <beat-name> to force the following builds to run the stages for the <beat-name>
  • macOS to force the following builds to run the macos stages.
Popular Logstash Projects
Popular Elastic Projects
Popular Data Processing Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.