Can someone explain Beats Architecture?

cmpsoares · October 25, 2017, 1:21pm

Hello,

We're analysing the Beats for custom beat developments, and I was wondering if someone can explain the architecture under the hood?

I remember to see a diagram of it (from an old version) but was not able to find it anymore and imagine it changed significantly.

Thank you very much.

Best regards,
Carlos SOARES.

steffens · October 25, 2017, 1:46pm

For 5.x releases have a look at this talk.

cmpsoares · October 26, 2017, 4:44pm

Hello,

Thank you very much!
Are there already some resources available for version 6.X?

Best regards,
Carlos SOARES.

steffens · October 27, 2017, 1:03pm

No resources for 6.0 yet. Architecture is mostly the same (libbeat diagram is pretty high level ). Some common functionality has been moved to libbeat + output interfaces have been updated/simplified (somewhat internal API).

filebeat removes spooler + publisher workers (filebeat publishing has become async, making use of spooling/buffering in libbeat itself) -> libbeat notifies the registrar
winlogbeat 6.0 uses async publishing pipeline -> libbeat notifies registrar
no 'big' changes in metricbeat/haertbeat. Auditbeat uses metricbeat as framework
packetbeat no real change (I think flows publisher worker has been removed)

system · November 24, 2017, 1:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Version 6.0.0 when building from scratch Beats	6	554	February 1, 2017
Upstream journalbeat project - how do I build this? Beats	2	355	November 27, 2018
Libbeat documentation Beats beats-development	5	2457	July 5, 2017
Please point me to Beats 5.6 build server (Solaris compiled) Beats	3	448	October 24, 2017
Creat git submodules for the various beats Beats	8	418	May 23, 2018

Can someone explain Beats Architecture?

Related topics