Difference between filebeat.modules and filebeat.prospectors

There are filebeat.modules for system, audit, apache etc.
And same thing can be done using filebeat.prospectors with path: /var/log/messages etc.
So what is the difference between using a module and using prospectors with path ?
Do we get any additional benefits while using modules ?

The prospectors are only for scanning files. After configuring a prospector to scan a file, you will still need to configure the rest of the stack (i.e logstash/ingest pipelines and Kibana dashboards).

Filebeat modules in turn will not only configure the correct prospector, but it will also configure ingest pipelines for correct log parsing and also instantiate dashboards. See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules-overview.html for more details.



I've tried playing with filebeat module, but somehow if I comment out my prospector section then the filebeat process doesn't starts at all. Can you help?

What's your filebeat configuration? Also, when you say it doesn't starts, is there an error message in the logs?

this is the error that I'm getting
2017/06/26 10:27:52.944103 beat.go:339: CRIT Exiting: No prospectors defined. What files do you want me to watch?

My filebeat.yml primarily contains this entry
#========================== Modules configuration ============================

#-------------------------------- Nginx Module -------------------------------
- module: nginx

Also if somebody can point me out to an end-to-end tutorial that would be really great. The understanding that I've built is we don't need logstash as filebeat modules by themself will create proper indexed data and store it in Elasticsearch.

Maybe @ruflin could shine here

This looks like a bug. Which filebeat version are you using?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.